patients and with colleagues, we are legal advisers, we are ..., we are who we are and we have secrets, and there are those who want to know those secrets.
Yes. And we're also just normal people sharing barbecue recipes with our friends. If you're in Texas, then I suppose a barbecue recipe is considered a national security secret and worth killing to keep private. In the rest of the country that's just seen as overkill. It's definitely true that certain industries and people are at high risk for intrusions and looting. It's also definitely true that certain industries and people are at low risk. Let's not go about saying that *everyone* is at high risk, because not everyone is.
I do not get your point here. My proposal is to operate the keyring from a USB stick. What is the difference with operating it from a smart card?
Exactly what I said. USB is completely broken as far as security goes. A USB device cannot be made secure. Thumb drives are malware vectors par excellence, and with some of the recent attacks which work by exploiting the firmware things get even nastier and harder to defend against. If you're concerned about a remote attacker exploiting your system from afar, you should also be concerned about a remote attacker rooting your box and exploiting the hell out of your USB stack. Smart cards work by storing the key in a method where it cannot be read by the host computer. Once a key is moved to the smart card, it ceases to exist as anything other than a black box. Data can be sent to the smart card to be decrypted or signed, but the host computer has literally no access to the cryptographic key stored on the smart card. In a USB model, an attacker who can compromise your box can easily acquire your private key: wait for you to plug in the USB dongle and make a covert copy of your keyring. In a smartcard model, an attacker can't easily acquire your private key. _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
