Communication with card reader encrypted?
Felix E. Klee
felix.klee at inka.de
Sun Aug 26 09:48:31 CEST 2018
On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk
<dirk.gottschalk1980 at googlemail.com> wrote:
> This is a really interesting question. But, does this really matter
> got an USB device? If there is a program on your computer, which
> interceps the communication, the security of you system is already
I am more thinking about a hardware attack. If the communication is not
encrypted, this opens another attack vector. For comparison, think about
[key loggers]. Putting a hardware logger somewhere between the USB
peripheral device and the computer is potentially easier and quicker
than tampering with either the peripheral device or the computer.
Background: I want to put my SCM SPR332 v2 card reader into a different
enclosure, so that it’s more portable for [use with my mobile phone].
The very long cable also needs to be replaced. One option is to add a
USB port to the reader so that arbitrary cables can be used. This
thought coincided with me reading about [doctored USB cables]. I
don’t want to be required to trust three devices: phone, reader, and now
More information about the Gnupg-users