Smart card

Mike Gerwitz mtg at gnu.org
Tue Apr 11 05:20:43 CEST 2017


Duane:

On Mon, Apr 10, 2017 at 14:28:10 -0300, Duane Whitty wrote:
> Obviously I'm trying to lighten the mood a little and still explore
> what the possibility is, if any, of protecting data from the prying
> eyes of tier 1 actors who might not think that what you have is
> important enough to kill or injure you for but that they would try
> very hard to get by employing other efforts.  I'm not saying having a
> smart card reader and a pin pad here is going to be the magic amulet
> to protect your interests.

It's not that it's impossible to do.  But in most cases, because of all
of the software, hardware, and wetware used, the attack surface is
enormous.

If an organization did all of its sensitive computation in a Faraday
cage in an underground bunker under constant surveillance, where any
operation on any sensitive data requires N people present through a
secret sharing scheme, are you going to be better off?  Sure.  But still
not immune to various types of espionage.  And there are limits to what
is practical.

But that's different than the security of an individual, which is what
we've been talking about.  Corporations can afford to build secure rooms;
hire ex-government security officials and other security/crypto experts;
build their own hardware; etc.

But the more people you involve, the more people you have to trust too.

I do not believe that being the target of Mossad or the NSA or GHCQ or
other intelligence agency means that a sufficiently well-funded and
well-researched corporation is doomed to total compromise.  I haven't
been given reason to believe that through all the leaks we've
seen.  These intelligence agencies have immense resources, but certain
practices and procedures introduce bottlenecks that increase the
cost/risk of an attack possibly to the point that it's not worth
carrying out.  That's also a driver behind a lot of the legislation/laws
we see under the guise of protection against terrorism and "going
dark"---if you can't beat 'em, make them let you in.

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: </pipermail/attachments/20170410/01d047fa/attachment.sig>


More information about the Gnupg-users mailing list