Smart card

Robert J. Hansen rjh at sixdemonbag.org
Sun Apr 9 19:02:39 CEST 2017


> Sorry, not any more. Look at the online-banking fraud business.
> Automated credential stealing tools from simple keyloggers to
> sophisticated malware such as from the Zeus family are available on
> a pay-and-play basis.

I've seen some truly scary malware, and I'm not seeing the level of
sophistication you're talking about except from nation-state actors.

GnuPG certificates aren't targeted by mass-market malware because there
aren't enough GnuPG users to be worth targeting.  Malware that targets
online banking, though ... that's worth constructing specialized malware
to target.

> I thought your private key is so well encrypted that you can publish
> it in a newspaper?

It is.  Those aren't the risks I'm talking about.

Why don't I want to store the private key on multiple computers?
Because a good rule of thumb in a forensics lab is "store the minimum
personal data possible on your systems".

Why don't I want an NFS mount?  Because these computers need to be isolated.

Why don't I want to use a USB drive?  Because USB is a critical vector
for malware, and as such USB devices are closely controlled and monitored.

Etc., etc.  Standard fare for a forensics lab.



More information about the Gnupg-users mailing list