Smart card

Roy A. Gilmore rag at ragged-software.com
Mon Apr 10 01:35:03 CEST 2017


OMG, this thread has gotten completely out of hand. I will reply to my
own message in an attempt not to add too much to the hate and discontent
already present. This is exactly why I normally only lurk, rarely
comment, and only ask a question when I absolutely have to. I'm sorry
that I bothered. I was trying to be brief when I made the "key under the
door mat" analogy. But, I stand by the idea that I believe allowing
physical access to your private key is a very *BAD* idea. Given enough
time and resources, any system can be compromised. I don't believe that
smartcards are the answer to all security issues, but, I do believe that
a smartcard can *HELP* to reduce *SOME* of potential exposure,
especially if used in a reader with a built-in pinpad. If the idea of
smartcards gets somebody to start asking questions about security, and
doing *SOMETHING* about their security, aren't they much better off than
before? Anyway, please just let this particular fork of this thread die,
and forget that I tried to contribute, I won't make that error again.

On 04/08/2017 10:30 AM, Roy A. Gilmore wrote:
> I've been watching this thread for a while, and felt the need to chime
> in. Are smartcards (or USB tokens) a PITA? Sometimes. BUT, leaving your
> private key on your laptop, tablet, or phone is about as secure as
> leaving a spare key to your house under the door mat. I cringe every
> time soft tokens are brought up. Laptops, tablets, and phones are
> hacked, lost or stolen frequently. If a physical smartcard or USB token
> seems like too much of an inconvenience, then your data probably isn't
> worth taking the time to encrypt in the first place. How much is your
> data worth to you?
>
> On 04/08/2017 01:29 AM, Robert J. Hansen wrote:
>>> Smartcards are a pain in the ass.
>> A funny but completely accurate way to put it:
>>
>> When your private key is on your laptop, you never put it through the
>> wash by accident.
>>
>> (I can tell you from personal experience most smartcards handle being
>> washed just fine, but the static charges they're exposed to in the dryer
>> will often fry them.)
>>
>> Once you make a smartcard into a credit card, or a dongle you hang off
>> your keychain, you open yourself up to some very interesting failure
>> modes -- many of which you won't see coming.  For instance, I once tried
>> to pay for a hotel with my kernelconcepts card, because it was located
>> adjacent to my credit card and I pulled it out by accident.
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users at gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users




More information about the Gnupg-users mailing list