Smart card

Robert J. Hansen rjh at
Sun Apr 9 22:44:03 CEST 2017

> But this is a dangerous
> article, and hard to distinguish between satire and actual security
> advice.  And there's both.

I thoroughly disagree.  This is not an article filled with actual
security advice.  It was published in USENIX's humor column, after all.
It is straight-up satire of tendencies that need satirizing.  Satire
deeply grounded in truth, yes, but I shudder to think of the foolishness
required to mistake this satire for actual security advice.

Satire is an excellent weapon against folly, and the idea that everyone
should use smartcards is exactly the kind of folly Mickens is railing

>> Once you assume that your opponent is specifically targeting you with
>> malware capable of sophisticated memory forensics, you're screwed.
> Again, defeatist.

No, realistic.  At that point you've got an attacker who is highly
motivated against you specifically, who has access to technical experts,
who has a significant operating budget.

"You're screwed" might be understating things.

> For your average user, yeah, they're screwed just by using technology in
> the first place---if not by crackers, then by adversaries like the
> companies they're feeding data to.  But _I_ could target someone with
> memory forensics "malware", and I'm not a cracker!  If not through an
> exploit for the slew of vulnerable systems users use, then through
> physical compromise of their computer.  Maybe pay out an evil
> maid.  I've never tried a cold boot attack, but maybe I'd have some luck
> with that.  We're not talking about State-level knowledge here---we're
> talking about using existing tools; we're talking about a privilege
> escalation vulnerability; we're talking about data swapping to disk;
> we're talking about Heartbleed, and Cloudbleed, and many other such
> bugs; ...and so on!

You're making my case for me.

> Nor should anyone think they are.  But it's sure as hell a smaller
> attack surface than the, uh, near-unlimited attack surface of an
> Internet-connected computer (or mobile device!) that most people store
> their private keys on.

I've always been amused by how often people think that if their keys are
safe, their communications are, too.

"I'm worried a well-funded attacker might root my laptop, plant a
keylogger, and get my passphrase and my secret key, and then be able to
read my email.  I use smartcards to prevent this attack."

Apparently, the prospect of a well-funded attacker rooting your laptop,
planting a trojaned GnuPG with a compromised PRNG, and being able to
read all your traffic at their leisure, though, you're just fine with that.

Once you assume the attacker can root your machine, *you* *are*
*screwed*.  There is no way around it.  The universe of malfeasance the
attacker can throw at you is effectively unlimited.  And you're
seriously saying, "but at least my keys are safe!"?

Give me a break.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 821 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170409/172a784a/attachment.sig>

More information about the Gnupg-users mailing list