[Gnuk-users] FST-01 is going to be non-reproducible any more

NIIBE Yutaka gniibe at fsij.org
Tue Jan 12 03:59:03 UTC 2016


On 01/12/2016 11:53 AM, Yuji IMAI wrote:
> I read it again and find he just described notes electromagnetic
> radiation.  There appears no word like TEMPEST nor side channel
> attack. I may confuse discussion.

Perhaps, you would be confused by the paper.

    Stealing Keys from PCs using a Radio:
    Cheap Electromagnetic Attacks on Windowed Exponentiation
    http://www.tau.ac.il/~tromer/radioexp/

It is against old versions of GnuPG on a laptop (not Gnuk Token) and
the paper says the attack can be mounted from 50cm away.

I don't know this kind of attack can be possible against Gnuk Token.

To be a target of such an attack, Gnuk should be more popular.


> In short, We had better making sure "directly" connecting my PC and
> the Gunk token before worrying about remote inference. Right?

We should care about anything unusual, a hub, an antenna, a power
source, a room which can hide large antenna, or a microphone, etc.

My point is that: when we connect our token directly (without a hub),
we can decrease the items in a check list.  If you use a hub to
connect your token to PC, the hub should be in your check list (also
customizing the hub to detect modification makes sense to me).  If you
use a extension cable, I'd say, it's better to customize it too.
-- 



More information about the gnuk-users mailing list