Paul Boddie wrote:
> How does the idea relate to things like PGP key storage on smartcards? For
> example:

I don't know much about card-based solutions. E.g., how many formats are out there, how many voltages, are those designs global or do you need one for each continent or even country, etc.

The basic concept is to keep the "trusted" computer in the card and to add a "trusted" user interface (i.e., no keylogger, display shows what the trusted computer sends) and an equally trusted trusted-UI-to-trusted-computer interface.

That way, you get two-factor authentication: you need to HAVE the card and you need to KNOW the code you type in on the keyboard. If your code gets compromised (e.g., someone added a key logger to your card reader), you still have the card acting as a "key", but it could then be used to authenticate automated fraudulent transactions.

If the card merely stores a key but doesn't need to be trusted (or if the issuer of the card decides to trust you to set up a trusted environment), then you could move all this into the password safe.

Note that such trusted environments may have requirements the safe may not meet, e.g., hardening against key snooping by monitoring power consumption, processing time, and by varying the chip's operating environment.

> Although lots of services still work in terms of passwords, I can foresee
> people starting to use PGP a lot more,

If it's just PGP, you can encrypt the secret key and store it in the safe, just like any other password. Then add some protocol to do the processing you want to be done with it. Such a solution can exist in parallel to any cards.

> However, these systems appear to give the control
> over actually making signatures to the organisations running those systems,

I very much hope the Snowden reports will be the final nail in the coffin of CA-centric signatures and authentication.

> One supposed concern that government agencies (the normal ones, not the ones
> doing all the spying) have is that individuals might not be able to look
> after their keys, and that services in proper datacentres are needed to do
> that for them,

Naw, a smartcard would be sufficient for hiding the key. You don't need massive processing power either. E.g., if you want to do something on a TB of data, you wouldn't run that TB through the card's poor little electronic brain, but you'd generate a random key and encrypt that with the card (for encryption), or do the same with a secure hash (for signing).

The authorities also don't have to have faith in your judgement when adding people to your Web of Trust. They can simply sign your key and only consider their signatures when checking your credentials. That's pretty much the same as in a CA-based scheme.

- Werner

_______________________________________________
Qi Hardware Discussion List
Subscribe or Unsubscribe: http://lists.en.qi-hardware.com/mailman/listinfo/discussion
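
The split described in the message above (bulk data stays on the host, only a random key or a hash goes through the card), as an added example that is not part of the original post. `SimCard` is a hypothetical stand-in for a card, and the key is a constructed toy key using textbook RSA without padding, which a real card would not do.

```python
import hashlib
import secrets

# Constructed toy key: two Mersenne primes, trivially factorable, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q

class SimCard:
    """Hypothetical card: the private exponent never leaves this object."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))
        self.bytes_seen = 0  # how much data the "card" had to process

    def private_op(self, value: int) -> int:
        if not 0 <= value < N:
            raise ValueError("input larger than one RSA block")
        self.bytes_seen += (value.bit_length() + 7) // 8
        return pow(value, self._d, N)

def digest_stream(chunks) -> int:
    """Hash arbitrarily large data on the host; only 32 bytes come out."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return int.from_bytes(h.digest(), "big")

def sign_stream(card, chunks) -> int:
    return card.private_op(digest_stream(chunks))

def verify_stream(chunks, signature: int) -> bool:
    return pow(signature, E, N) == digest_stream(chunks)

def wrap_session_key():
    """Host side: random bulk-encryption key, wrapped to the card's public key."""
    key = secrets.token_bytes(32)
    return key, pow(int.from_bytes(key, "big"), E, N)

def unwrap_session_key(card, wrapped: int) -> bytes:
    return card.private_op(wrapped).to_bytes(32, "big")

def sample_chunks(n=64, size=65536):
    """Constructed sample data: n chunks of `size` bytes (4 MiB by default)."""
    return (bytes([i % 256]) * size for i in range(n))

if __name__ == "__main__":
    card = SimCard()
    sig = sign_stream(card, sample_chunks())
    print(verify_stream(sample_chunks(), sig), card.bytes_seen)
```

The `bytes_seen` counter shows the card handling at most one hash or one RSA block per operation, regardless of how large the signed or encrypted data is.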

