More secure than smartcard or cryptostick against remote attacks?
Peter Lebbing
peter at digitalbrains.com
Wed Feb 6 10:28:13 CET 2013
On 06/02/13 02:49, Robert J. Hansen wrote:
> It makes no sense to me to believe that it's somehow possible to have a
> dongle that you can plug into a compromised PC to make it safe (or
> safer) to sign with.
Can you explain (broadly) how one would compromise the signature/the device that
you sign with?
I myself always say "if you don't control your own PC, it's over". I don't see
however how that compromised PC in this instance can force me to do false
signatures, which is the context I'm placing it in.
You're still majorly screwed, obviously. An attacker will easily come up with
some other nasty thing to do to you. Just not issuing false signatures.
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list