"general purpose OS is fundamentally inadequate for trusted operations"

Robert J. Hansen rjh at sixdemonbag.org
Mon Apr 24 13:23:23 CEST 2017


> The use of smartcards is to me only a welcome sign that a
> growing segment of gpg users appears to agree with that
> proposition.

The overwhelming majority of GnuPG users do not know enough about
information security to have an opinion worth listening to.

More than that, they shouldn't need to.  GnuPG is meant to be a tool for
regular users.  It fails at this pretty badly for a variety of reasons,
not all of which are within its control, but that's always been the
goal.  If we expect GnuPG users to be experts in information security,
then we've utterly and completely failed.

A consequence of this is there will always be fads and fashions running
through the community, things that many users embrace because "it's more
secure" when the reality is it's nothing of the sort.  Look at how many
people think 3DES is obsolete, for instance, or that anything less than
AES256 is risky.

One fad in particular -- using symmetric algorithms of comparable
strength to your asymmetric key -- has been going on for more than 25
years.  Phil Z made this recommendation back in the days when he thought
Bass-o-Matic was secure, and it was bogus even then, too.  No, this
won't give you a "balanced system".  (Phil Z was apparently badly
misunderstanding a "balanced network" -- a property of Feistel ciphers.)

Smartcards are that same thing today.  They can be, *in some
situations*, a good tool.  They are not a *generally recommended* tool.

> They should be helped and advised how to better
> tackle the problem

This is exactly what we've been doing.  Except "the problem" was not, in
Mr. Senn's case, so much "how do I use a smartcard with GnuPG?" as it
was showing him the real question was, "will using a smartcard with
GnuPG help me?"

And that's a hard question, and an interesting one, and it deserves to
be seriously addressed.  Ultimately he decided he'd like to learn more
about them just because, and that's a perfectly valid use case!



More information about the Gnupg-users mailing list