More secure than smartcard or cryptostick against remote attacks?
refreshing at tormail.org
refreshing at tormail.org
Thu Feb 7 11:03:30 CET 2013
> On 02/05/2013 01:04 PM, Peter Lebbing wrote:
>> While I agree with the broad sentiment, I'm not so sure a certain
>> amount of damage control is impossible with what he/she proposes. If
>> you have a device with small attack surface[1] that shows you the
>> plaintext you're about to sign before signing it *with that device*,
>> you can at least prevent making bogus signatures. That still means
>> you're in trouble when your PC is under control of an attacker, but
>> you can't be coerced to issue false signatures. That's certainly
>> something.
>
> If you don't trust the PC that GnuPG is running on, don't run GnuPG on
> that system. (Or anything else that requires trust, for that matter.)
I have no reason to believe my system is compromised. Taking security very
serious. Otherwise I wouldn't bother posting here. :)
That sounds like a oxymoron. How can I be REALLY sure my system isn't
compromised? Mail clients and browsers are major attack surface and a
device exposed to internet can not be as secure as a small single purposed
device.
> It makes no sense to me to believe that it's somehow possible to have a
> dongle that you can plug into a compromised PC to make it safe (or
> safer) to sign with.
I think if designed right it works. This implies the compromised machine
can not attack the text reading and gpg signing device.
> If you believe the PC is compromised, cut it out
> of your process completely. There is no other realistic option here
> that I can see.
>
More information about the Gnupg-users
mailing list