[Gnuk-users] FST-01 is going to be non-reproducible any more
Simon Josefsson
simon at josefsson.org
Tue Jan 12 08:32:40 UTC 2016
> Il 12/01/2016 01:29, NIIBE Yutaka ha scritto:
>
> > A possible scenario would be "Hub in the middle". An adversely put
> > a hub between your computer and FST-01 to monitor USB signals.
>
> The most probable scenario is some malaware/rootkit that gives
> attacker access to the machine. That's a game-over: keys are not
> compromised, but every accessed message/file is then compromised.
> Moreover, knowing your PIN the adversary can decrypt other
> messages/files w/o you knowing (unless there's out of band
> user-consent).
A simple way to resolve this is to add a button to the device, and
configure the device to require human interaction before a private key
operation. The latest OpenPGP Card specification supports this. I
think NIIBE already want to realize this though.
> If your profile is "high enough" for an HW attack, then a whole
> different level of paranoia is needed [...]
Agreed. I'm of the mind that making the device itself more
advanced (=expensive) to protect against these kind of attacks is not
cost effective for the majority of users. It is cheaper to invest in
traditional physical security of the device, and to only use it in
"safe" environments.
/Simon
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signatur
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20160112/83248db9/attachment-0001.sig>
More information about the gnuk-users
mailing list