GPF Crypto Stick vs OpenPGP Card
Hauke Laging
mailinglisten at hauke-laging.de
Fri Dec 10 01:03:58 CET 2010
Am Montag 06 Dezember 2010 20:21:36 schrieb Marcio B. Jr.:
Sorry, spam filter...
> Hello,
> sorry for this insistence. I just want to get it clearly.
>
> So, you mean those devices certainly protect information better than a
> regular computer (even if making proper use of disk encryption
> software)?
In general that is correct. In detail that depends on the kind of attack and
the computer usage.
If the computer has a network connection with not completely secure systems
then the discussion ends at that point. Disk encryption does not protect
against online attacks. With regard to every normal PC a smartcard is the
better solution.
You need a hardware attack in order to get keys out of a smartcard. If you can
spend millions of dollars for that then it's possible.
If you have an offline PC which never runs complex software with data from
outside then disk encryption can be even safer than a smartcard. If the
integrity of the hardware is not an issue and only obvious attacks are an
issue (stealing and siezing) then only software attacks against the disk
encryption are possible which can easily be made as hard as the key itself
(making an attack a waste of time, no matter how much money you throw at it).
But can you be sure that this is the only kind of attack? ;-) It would
usually be much cheaper to get access to the system and manipulate the
hardware, with a hardware keylogger e.g. than to get a key out of a smartcard.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 555 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20101210/81eb71d2/attachment-0001.pgp>
More information about the Gnupg-users
mailing list