Possible to combine smartcard PIN with key password?
Peter Lebbing
peter at digitalbrains.com
Tue Dec 24 11:23:14 CET 2013
On 24/12/13 02:41, adrelanos wrote:
> Scenario #1
> ###########
>
> Adversary capabilities:
> - Can physically steal the smartcard.
The smartcard you could always keep on your person. This is slightly difficult
with computer hardware. So it seems to me that your adversary has an easier job
accessing your computer when you're not in the same room as your computer than
he has accessing your smartcard, which you could keep on a lanyard around your
neck and on your bedside table when you're sleeping[1].
Regarding the difficulty of wearing your computer: your adversary only needs
either your keyboard, your motherboard or your non-volatile storage. So even if
you have your OS on an SD-card on a lanyard around your neck, they can still bug
your keyboard or motherboard to log all keystrokes (returning later to collect
the keystrokes). Even if you keep a tiny computer on your lanyard (easy to
realise these days), that still leaves the keyboard.
And regaring the scenario: if you would keep your computer on your person at all
times, it is no longer easier to steal your computer than your smartcard, but it
is now equally difficult. The result is that the on-disk key again adds nothing,
because an adversary that can physically access the smartcard can also
physically access the computer. Only if you can make it more difficult to access
the computer than to access the smartcard, will the on-disk key add anything, I
think.
> Scenario #2
> ###########
This scenario doesn't involve additional security gained through two keys; it is
simply the advantage of a smartcard over an on-disk key.
HTH,
Peter.
[1] Or taped to your body if you're worried you might not wake up, but now
we're well into 007 territory.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list