Smart cards

Alessandro Vesely vesely at
Fri Dec 14 12:41:51 CET 2018

On Thu 13/Dec/2018 10:48:52 +0100 Andreas Schwier wrote:
>> I agree that smartphones are not safe, but I am not particularly in favor of smartcards, dongles, and security tokens like yubikeys, either.
>> Any kind of special-purpose cryptographic *hardware* is essentially proprietary, and too attractive and soft a target for various nations' spy agencies to covertly backdoor. "Don't look at me! I've got something to hide, and nowhere to protect it!"
> So you really believe that international payment organizations or mobile
> network operators worldwide or border control authorities rely their
> risk management on a piece of hardware from well known chip manufacturer
> that could easily be subverted by a national security agency ?

Let me just note that there are people who believe it so hardly as to arrest
Meng Wanzhou.

> I you believe that, then an Intel Management Engine, a ARM Trust Zone or
> the baseband processor in mobile phone isn't anything better. Then it
> doesn't help if your software is open source, because your keys are
> "open source" as well.

You mean the backdoors in NIST elliptic curves?

> I've been working in the smart card industry for over 30 years now and
> the tale of subverted smart card chips has been around for ages. It's
> one of the often told myths - but there hasn't been any evidence that
> this has already happened.

Yet, alas, the software on OpenPGP cards "is not available as free software due
to NDAs required for certain parts", according to g10code[*].


> Yes, this technology is far from being perfect and so are people
> implementing code of those devices. We've seen a number of security
> flaws in smart card systems, that is unfortunately true. Still, I would
> rely on a smart card well designed for the purpose of keeping things secret.

Of course, one has to adjust the local paranoia level to some practical value.

>> There's a secure phone on the President's desk, and not even the Secret Service can say it's all that "secure."
> Fact or fiction ?

We miss a theoretical definition of "secure".  However, there are lots of funny
anecdotes about President's smartphone.

>> Open-source cryptographic software that runs on general purpose computer hardware is generally much more difficult to backdoor.
> And why ?

Free software is patched and upgraded much more often than proprietary one.
That increases difficulty considerably, methinks.


More information about the Gnupg-users mailing list