[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: Possible to combine smartcard PIN with key password?
From: adrelanos <adrelanos () riseup ! net>
Date: 2013-12-27 0:42:05
Message-ID: 52BCCCDD.9090005 () riseup ! net
[Download RAW message or body]
NdK:
> Il 24/12/2013 02:41, adrelanos ha scritto:
>
>> Adversary capabilities:
>> - Can physically steal the smartcard.
>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]
>> - Not capable of breaking gpg's key encryption/password protection.
>> - Not capable of rubber-hose cryptanalysis.
>> - Not capable of installing a miniature camera and/or hardware keylogger.
> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...
Well, let's go through it.
>> - Can physically steal the smartcard.
A one time robbery or thief doesn't require that much skill. A hacker
conference where one steals a smartcard from a cardrader shouldn't be
that unrealistic?
>> - Capable of dismantling a smartcard to extract the key its holing.
>> [Maybe not now, but maybe in a few years the tool required to so so will
>> be available. Only making up the scenario here.]
This is the only thing I am asking to grant me here for the sake of
discussion.
>> - Not capable of breaking gpg's key encryption/password protection.
Being capable of that would be kinda big news? Either a huge
breakthrough in cracking cryptography or weakness in gpg. So not
assuming it isn't that much of a failure?
>> - Not capable of rubber-hose cryptanalysis.
That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.
>> - Not capable of installing a miniature camera and/or hardware keylogger.
That kind of capability in my opinion requires much more criminal energy
and logistics than a robbery.
> You're saying that he can lockpick your security door but can't break
> the glass of the window nearby...
I don't understand how you get to that conclusion.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic