[Gnuk-users] Security of NeuG?
Jonathan McDowell
noodles at earth.li
Wed Feb 18 15:25:24 UTC 2015
On Tue, Feb 17, 2015 at 10:53:39AM +0100, Jonathan Schleifer wrote:
> Thanks for the explanation.
>
> I agree that encrypting it is overkill. If you can actually spy on the
> USB bus, then your system is pretty much compromised anyway.
My recollection about the justification for encrypting and pairing the
Entropy Key data is that it's fairly easily to MiTM a USB connection,
especially one with such a basic protocol. If the device is plugged into
an external port on the machine rather than secured inside the case it
gets even easier.
J.
--
Revd Jonathan McDowell, ULC | Give me liberty or I will cut you.
More information about the gnuk-users
mailing list