<html><head></head><body>Notice that some features, like the metal contact toggle on some YubiKeys, can mitigate the problem of having an attacker with full local access. You then have to touch the key each time you want to use it, so illegitimate access would be noticed.<br><br><div class="gmail_quote">On 8 January 2020 13:51:58 GMT+01:00, Andrew Gallagher &lt;andrewg@andrewg.com&gt; wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">On 07/01/2020 22:58, Christoph Groth wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;"> How about the alternative of keeping small USB keycards (like a Yubikey<br> nano) permanently plugged into the machines that you are using?<br> Assuming that you trust the keycards to keep their secrets, wouldn’t<br> that provide at least the advantage of a much shorter passphrase? Are<br> there any security disadvantages of such a scheme?<br></blockquote><br>That effectively uses the smartcard as a hardware security module, which<br>does have some advantages. The disadvantages are that if an attacker has<br>code execution access to your machine they still have full access to use<br>the key material. However, they cannot exfiltrate that key material, so<br>any malfeasance must be performed on your machine directly, which makes<br>it noisy. That may or may not be a deterrent, depending on your threat<br>model. It is more secure than having your private keys on disk, it just<br>may not be sufficiently secure.<br></pre></blockquote></div><br>
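<p>As an added illustration of the threat model discussed in this thread (this is example code, not from any of the participants and not a real smartcard or YubiKey API): a small Python model of a permanently plugged-in token. An HMAC-SHA256 tag stands in for a signature, a callback stands in for the physical touch sensor, and the object's API surface stands in for the secure-element boundary. It shows the three properties being argued about: host malware can use the key, it cannot read the key out, and every use (or denied use) leaves a trace; with the touch policy on, use is refused when nobody is at the key.</p>

```python
"""Model of a permanently plugged-in hardware token (added example; uses no
real smartcard or YubiKey API). HMAC-SHA256 stands in for a signature, a
callback for the touch sensor, and the object's API surface for the
secure-element boundary (Python introspection is out of scope here)."""
import hashlib
import hmac
import secrets
from typing import Callable, Dict, List


class TouchRequired(PermissionError):
    """The touch policy is on and nobody touched the key."""


class PluggedInToken:
    """A key that can be *used* through the device but never *read* from it."""

    def __init__(self, require_touch: bool, touch_sensor: Callable[[], bool]) -> None:
        secret = secrets.token_bytes(32)      # generated on-device, never exported
        self.require_touch = require_touch
        self._touch_sensor = touch_sensor
        self.audit_log: List[str] = []        # every use is recorded: misuse is noisy

        # The secret is captured only in closures; there is deliberately no
        # export method and no attribute holding the raw bytes.
        def _sign(message: bytes) -> bytes:
            return hmac.new(secret, message, hashlib.sha256).digest()

        def _verify(message: bytes, tag: bytes) -> bool:
            return hmac.compare_digest(_sign(message), tag)

        self._sign, self.verify = _sign, _verify

    def sign(self, message: bytes, caller: str) -> bytes:
        """Use the key. The host decides *what* to sign; with the touch policy
        on, the device decides *whether* a human confirmed it."""
        if self.require_touch and not self._touch_sensor():
            self.audit_log.append(f"DENIED caller={caller} bytes={len(message)} reason=no-touch")
            raise TouchRequired("touch the key to confirm this operation")
        self.audit_log.append(f"SIGNED caller={caller} bytes={len(message)}")
        return self._sign(message)


def attacker_with_code_execution(token: PluggedInToken) -> Dict[str, object]:
    """Malware on the host tries (1) to use the key and (2) to copy it out."""
    outcome: Dict[str, object] = {"used_key": False, "copied_key": False}
    try:
        tag = token.sign(b"forged message", caller="malware")   # constructed input
        outcome["used_key"] = token.verify(b"forged message", tag)
    except TouchRequired:
        pass
    # Exfiltration attempt: everything the object exposes is inspected for raw
    # key bytes. On real hardware the secure element enforces this boundary.
    leaked = [v for v in vars(token).values() if isinstance(v, (bytes, bytearray))]
    outcome["copied_key"] = bool(leaked)
    return outcome


def scenario(require_touch: bool, user_present: bool) -> Dict[str, object]:
    """Run the thread's threat model and return what the defender can see."""
    token = PluggedInToken(require_touch, touch_sensor=lambda: user_present)
    outcome = attacker_with_code_execution(token)
    outcome["audit_log"] = list(token.audit_log)    # what the owner can inspect later
    return outcome


if __name__ == "__main__":
    # Key plugged in, no touch policy: attacker can use but not exfiltrate.
    print(scenario(require_touch=False, user_present=True))
    # Touch policy on, owner away from the keyboard: use is denied and logged.
    print(scenario(require_touch=True, user_present=False))
```

<p>The audit log is the part worth keeping in mind: without a touch policy the only thing standing between the attacker and a valid signature is whether the owner ever looks at which operations the device performed, which is exactly the "noisy but not necessarily deterrent" point above.</p>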
-- Sent from /e/ Mail.</body></html>