More secure than smartcard or cryptostick against remote attacks?

refreshing at tormail.org refreshing at tormail.org
Thu Feb 7 11:19:04 CET 2013


> On 05/02/13 04:15, Robert J. Hansen wrote:
>> No.  There are none, nor will there be.  You absolutely must retain
>> control of the processing hardware GnuPG runs upon.  If you don't have
>> that control, there is literally no device -- hardware or software --
>> that can help you.
>
> While I agree with the broad sentiment, I'm not so sure a certain amount of
> damage control is impossible with what he/she proposes. If you have a device
> with small attack surface[1] that shows you the plaintext you're about to sign
> before signing it *with that device*, you can at least prevent making bogus
> signatures. That still means you're in trouble when your PC is under control of
> an attacker, but you can't be coerced to issue false signatures. That's
> certainly something.
>
> Obviously I'm assuming the private key is not on the compromised PC. I'm
> assuming a whole lot more that I'll leave implied. I'm just saying it doesn't
> sound over-and-shut end of the game to me when the PC is compromised.
>
>> This doesn't make sense to me.  You don't trust your PC running GnuPG,
>> so you want to verify your mail on a PC running GnuPG, just one that
>> happens to be 'trusted'?
>
> First of all, I think he/she meant "verify that the text I'm about to sign is
> what I intended to sign", whereas you are probably thinking of "verifying a
> cryptographic signature". And a dedicated, limited, well-designed single-purpose
> device is more trustworthy than an Internet-connected general-purpose PC under
> the right circumstances.
>
>> (Also, you seem to be using the word 'trusted' in a way opposite from
>> its real meaning.
>
> From the context it's perfectly obvious what he/she meant and makes sense in
> general English. Why argue semantics here?
>
> Just my 2 cents,
>
> Peter.
>
> [1] Read: not too much program code, well-defined limited communication
> interfaces. I'd prefer a serial port :). Certainly not a USB device, though it
> could contain a USB-to-serial chip, obviously.
>

Exactly what I wanted to ask and what I think. Couldn't write better. Thanks!



