duane at nofroth.com
Mon Apr 10 19:28:10 CEST 2017
-----BEGIN PGP SIGNED MESSAGE-----
On 17-04-10 12:25 AM, Robert J. Hansen wrote:
>> I think this is being confounded by adjoining two
>> conversations---that smartcards provide additional security given
>> a compromised system, and the satirical quote your provided. I
>> was referring in this case to the latter.
> If you send or receive sensitive communications from a compromised
> endpoint, you're screwed. The smartcard will not save you. It
> When I hear people talk about how the smartcard will keep their
> keys safe even after a system compromise, I hear that as being like
> a survivalist talking about how great it is his tiny bomb shelter
> will keep his seeds safe after a direct hit from a nuclear bomb.
> Great, I'm very happy for you, but you're giving *terrible* advice
> to people who are worried about the bomb dropping. Even
> encouraging them to move somewhere that's not a high-priority
> target for a nuclear strike, as impractical as that advice is, is
>> My point is that if you base your entire threat model and
>> practices on the fact that some attacker somewhere is going to
>> succeed in a targeted attack against you, then you may as well
>> give up on security period.
> If your threat model includes Tier-1 actors, you're gonna get
> You. Cannot. Win.
> Therefore, any threat model that assumes you're the target of
> Tier-1 interest is inherently -- I'll say it again -- screwed.
> Once you become a target of Tier-1 interest it's all over.
> Don't come to their attention. And don't mislead newbies by making
> them think they can win against Tier-1s, either.
>> You seem to be suggesting that key safety isn't even a concern if
>> you're compromised---that nothing else matters, and the
>> distinction between a compromise as you described with or without
>> access to the key(s) is irrelevant.
> You seem to think that your bomb shelter surrounded by five
> hundred meters of radioactive fused glass is somehow a win. After
> all, your keys are safe, right?
> Preserve the security of your endpoint system. Nothing else will
> _______________________________________________ Gnupg-users mailing
> list Gnupg-users at gnupg.org
What if it's your business that's the target of tier 1 Western
Intelligence actors who are interested in collecting intelligence on
said target so as to bestow competitive advantage to your competitors
for whatever the reason may be? My explicit assumptions for such a
situation is that they don't want their target to know they are under
surveillance and as result they aren't going to be knee-capping the
target's employees to get their desired information. Business
premises and data at rest and in transit is fair game as is the use of
malware, root kits, warrantless wiretaps, etc.
Perhaps the situation is that you're a Canadian jet engine
manufacturer that has come up with a prototype for super efficient
mach 2 capable engines for commercial aircraft :-D Of course you want
to make sure that you and your engineers and other employees with
access to sensitive data employ whatever measures you can to avoid a
data compromise. :-D
Obviously I'm trying to lighten the mood a little and still explore
what the possibility is, if any, of protecting data from the prying
eyes of tier 1 actors who might not think that what you have is
important enough to kill or injure you for but that they would try
very hard to get by employing other efforts. I'm not saying having a
smart card reader and a pin pad here is going to be the magic amulet
to protect your interests.
<<Flame retardant suit on, fire away :-D >>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users