On Thu, 4 Dec 2003 05:02, Andreas Schuldei <[EMAIL PROTECTED]> wrote: > * Russell Coker ([EMAIL PROTECTED]) [031203 04:03]: > > I have sent a message to Werner asking if the GPG smart-card device could > > be re-implemented with a USB interface. I think that a USB dongle with > > GPG technology would be a good option as most developer's machines > > already have USB support. > > as discussed in depth in an earlier c't magazine (german) usb is > not a save bus to use for security relevant applications, since > it allows for recording and backplaying of command sequences.
If the protocol for communication with the device is secure then this should not be a problem. If the protocol is bad then intercepting a different connection method is not going to be too difficult. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page