New smart card / token alternative

listo factor listofactor at mail.ru
Tue Nov 7 15:58:49 CET 2017


On 11/06/2017 10:26 PM, vedaal at nym.hush.com wrote:
> 
> On 11/6/2017 at 4:55 PM, "Tim Steiner" <t at crp.to> wrote:
> 
> With this solution you can keep the key offline, carry it with you and it  > works even on a computer where you can't install software...
 >
> We are interested to hear feedback on this approach from the community.
> 
>> =====
>> 
>> Using this on anything except your own computer, or laptop, is problematic...

=====

This is a mantra from another, more gentle time.

Today, there is a whole class of real-world use cases where the
protection of the user demands that it not be known to the adversary
he or she is communicating with someone, as much - or even more -
than it is required that the content of the communication is kept
confidential. If the connection between the user and the computer
is transient, there may well be many instances where the adversary
will not be able to identify the user, even if he manages to learn
the content, and where the content, without the identity of the
communicator, is of very limited value to the adversary.

It therefore appears to me this is a worthwhile project, provided,
like always, *and for any crypto*, the user understands his or her
threat model.





More information about the Gnupg-users mailing list