On Sunday 8. September 2013 00.00.49 Werner Almesberger wrote:
> Paul Boddie wrote:
> > How does the idea relate to things like PGP key storage on smartcards?
> > For example:
>
> I don't know much about card-based solutions. E.g., how many formats
> are out there, how many voltages, are those designs global or do you
> need one for each continent or even country, etc.

I don't really know much about them, either. That's why I was asking. ;-)

> The basic concept is to keep the "trusted" computer in the card and
> to add a "trusted" user interface (i.e., no keylogger, display
> shows what the trusted computer sends) and an equally trusted
> trusted-UI-to-trusted-computer interface.
>
> That way, you get two-factor authentication: you need to HAVE the
> card and you need to KNOW the code you type in on the keyboard.
> If your code gets compromised (e.g., someone added a key logger to
> your card reader), you still have the card acting as a "key", but it
> could then be used to authenticate automated fraudulent
> transactions.
>
> If the card merely stores a key but doesn't need to be trusted (or
> if the issuer of the card decides to trust you to set up a trusted
> environment), then you could move all this into the password safe.

I guess I should read up about these smartcard plus reader solutions. My only
experience involved an online banking system where one inserted a card, entered
a PIN when prompted, entered a challenge shown on a Web page, and then read off
the response from the reader for typing into the form on the Web page.

If I had to guess what went on there, I'd imagine that the PIN somehow
persuades the smartcard to make some kind of key available for work, and then
the key is used to transform the challenge text into a response text, with the
processing being done on the card. I should probably do some reading to check
how accurate this guess actually is. ;-)

> Note that such trusted environments may have requirements the safe
> may not meet, e.g., hardening against key snooping by monitoring
> power consumption, processing time, and by varying the chip's
> operating environment.

Indeed.

> > Although lots of services still work in terms of passwords, I can foresee
> > people starting to use PGP a lot more,
>
> If it's just PGP, you can encrypt the secret key and store it in
> the safe, just like any other password. Then add some protocol to
> do the processing you want to be done with it. Such a solution can
> exist in parallel to any cards.

Right.

> > However, these systems appear to give the control
> > over actually making signatures to the organisations running those
> > systems,
>
> I very much hope the Snowden reports will be the final nail in the
> coffin of CA-centric signatures and authentication.

Well, I was actually talking about systems where, after messing around with
secret codes (maybe generated by one of those RSA code generator devices) or
good old-fashioned ones distributed on paper, you authenticate yourself to an
online service, but the action of signing something is apparently done on your
behalf.

Certainly, a public agency or online bank might ask you to input another secret
code because you want to pay a bill or send some form or other, but the actual
signing operation is performed on a server somewhere using a key you never get
direct access to. In other words, they might as well be updating a row in a
database, setting "has_signed" to true or whatever, especially given the lack
of accounting I've occasionally experienced with certain financial
institutions.

So this isn't even a situation where you have something that someone "official"
signs to certify it, so that other people can trust your own signatures.
Instead, it's a situation where an "official" body signs everything on your
behalf, ostensibly because you logged in to their service at some point and
said you wanted to do something. At this point, CA-centric signatures are just
a fond memory.

> > One supposed concern that government agencies (the normal ones, not the
> > ones doing all the spying) have is that individuals might not be able to
> > look after their keys, and that services in proper datacentres are
> > needed to do that for them,
>
> Naw, a smartcard would be sufficient for hiding the key. You don't
> need massive processing power either. E.g., if you want to do
> something on a TB of data, you wouldn't run that TB through the
> card's poor little electronic brain, but you'd generate a random
> key and encrypt that with the card (for encryption), or do the same
> with a secure hash (for signing).
>
> The authorities also don't have to have faith in your judgement when
> adding people to your Web of Trust. They can simply sign your key
> and only consider their signatures when checking your credentials.
> That's pretty much the same as in a CA-based scheme.

Yes, the trust network will have the authorities at the centre.

But anyway, I'm just gathering information to refute claims that the "common
man" couldn't possibly be trusted to look after his own keys. If people can
rely on distributed, personal solutions that prevent the theft and use of their
private keys, a solid case can be made against centralised systems that perform
cryptographic operations on their behalf.

Sorry to interrupt the thread, though! Perhaps I should look around for similar
gadgets to the one you propose. Alongside those crossword solver products,
newspaper readers may already be buying such things in their thousands!

Paul

_______________________________________________
Qi Hardware Discussion List
Mail to list (members only): [email protected]
Subscribe or Unsubscribe:
http://lists.en.qi-hardware.com/mailman/listinfo/discussion
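The two mechanisms discussed in this message, the PIN-gated challenge-response of the banking reader Paul describes and the "hash it or wrap a random key on the host, let the card handle only the short result" split Werner describes, as an added example that is not part of the thread or of any Qi Hardware code. It is a toy model in Python: HMAC-SHA256 stands in for the card's real signature and encryption primitive (an assumption, a real card would use a public-key algorithm so that verification does not need the card), and the `SmartCard` class, its input limit, the PIN retry count, the tag prefixes and the 4 MiB input are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


class SmartCard:
    """Toy card (assumed design, not a real card protocol): the secret never
    leaves this object, every operation needs the PIN, and the card refuses
    inputs longer than a digest or two, modelling its small processor."""

    MAX_INPUT = 64   # bytes per operation the card accepts (assumption)
    MAX_TRIES = 3    # wrong PINs before the card blocks itself (assumption)

    def __init__(self, pin: str):
        self._secret = secrets.token_bytes(32)
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._unlocked = False
        self._tries_left = self.MAX_TRIES
        self.bytes_seen = 0   # how much data the card has actually processed

    def verify_pin(self, pin: str) -> bool:
        """The KNOW factor: unlock the card for this session."""
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        if hmac.compare_digest(hashlib.sha256(pin.encode()).digest(), self._pin_hash):
            self._unlocked = True
            self._tries_left = self.MAX_TRIES
            return True
        self._tries_left -= 1
        if self._tries_left == 0:
            self._unlocked = False
        return False

    def _prf(self, data: bytes) -> bytes:
        # HMAC-SHA256 stands in for the card's real asymmetric primitive.
        if not self._unlocked:
            raise PermissionError("PIN required")
        if len(data) > self.MAX_INPUT:
            raise ValueError("input too large for the card")
        self.bytes_seen += len(data)
        return hmac.new(self._secret, data, hashlib.sha256).digest()

    def respond(self, challenge: str) -> str:
        """Challenge-response as in the banking reader: an 8-digit code the
        user copies from the reader's display back into the web form."""
        mac = self._prf(b"challenge:" + challenge.encode())
        return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

    def sign_digest(self, digest: bytes) -> bytes:
        """Signing: the card only ever sees the hash, never the data."""
        return self._prf(b"sign:" + digest)

    def wrap_key(self, data_key: bytes) -> bytes:
        """Encryption: the card encrypts a random data key, not the data.
        Keystream = PRF(nonce), XORed over the 32-byte key (one-time pad)."""
        nonce = secrets.token_bytes(16)
        stream = self._prf(b"wrap:" + nonce)
        return nonce + bytes(a ^ b for a, b in zip(data_key, stream))

    def unwrap_key(self, blob: bytes) -> bytes:
        nonce, ct = blob[:16], blob[16:]
        stream = self._prf(b"wrap:" + nonce)
        return bytes(a ^ b for a, b in zip(ct, stream))


def host_sign(card: SmartCard, data: bytes, chunk: int = 1 << 16) -> bytes:
    """Host side of hash-then-sign: stream the bulk data through SHA-256 on
    the fast host, hand only the 32-byte digest to the card."""
    h = hashlib.sha256()
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return card.sign_digest(h.digest())


def host_new_data_key(card: SmartCard) -> tuple[bytes, bytes]:
    """Host side of hybrid encryption: a random key for the bulk cipher,
    wrapped once by the card. Returns (plaintext key, wrapped blob)."""
    data_key = secrets.token_bytes(32)
    return data_key, card.wrap_key(data_key)


def demo() -> dict:
    card = SmartCard(pin="1234")
    card.verify_pin("1234")
    big = b"\xab" * (4 << 20)           # 4 MiB of constructed bulk data
    sig = host_sign(card, big)
    seen_by_sign = card.bytes_seen      # "sign:" tag + 32-byte digest = 37
    key, blob = host_new_data_key(card)
    return {"response": card.respond("48213"), "sig": sig,
            "seen_by_sign": seen_by_sign, "bulk": len(big),
            "key_roundtrip": card.unwrap_key(blob) == key}


if __name__ == "__main__":
    print(demo())
```

The point the counters make: signing 4 MiB costs the card 37 bytes of input, and wrapping a data key costs it 21, so the card's processing power is irrelevant to the size of what is signed or encrypted. Because HMAC is symmetric, checking the signature here would also need the card; a real card signs with a private key so that anyone holding the public key can verify without it.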

