Got it. Can we go the smartcard route already?

Thx
Roland

On 06/08/2014 16:24, Robert J. Hansen wrote:
>> patients and with colleagues, we are legal advisers, we are ..., we
>> are who we are and we have secrets, and there are those who want to
>> know those secrets.
>
> Yes. And we're also just normal people sharing barbecue recipes with
> our friends. If you're in Texas, then I suppose a barbecue recipe is
> considered a national security secret and worth killing to keep private.
> In the rest of the country that's just seen as overkill.
>
> It's definitely true that certain industries and people are at high risk
> for intrusions and looting. It's also definitely true that certain
> industries and people are at low risk. Let's not go about saying that
> *everyone* is at high risk, because not everyone is.
>
>> I do not get your point here. My proposal is to operate the keyring
>> from a USB stick. What is the difference with operating it from a
>> smart card?
>
> Exactly what I said. USB is completely broken as far as security goes.
> A USB device cannot be made secure. Thumb drives are malware vectors
> par excellence, and with some of the recent attacks which work by
> exploiting the firmware things get even nastier and harder to defend
> against. If you're concerned about a remote attacker exploiting your
> system from afar, you should also be concerned about a remote attacker
> rooting your box and exploiting the hell out of your USB stack.
>
> Smart cards work by storing the key in a method where it cannot be read
> by the host computer. Once a key is moved to the smart card, it ceases
> to exist as anything other than a black box. Data can be sent to the
> smart card to be decrypted or signed, but the host computer has
> literally no access to the cryptographic key stored on the smart card.
>
> In a USB model, an attacker who can compromise your box can easily
> acquire your private key: wait for you to plug in the USB dongle and
> make a covert copy of your keyring. In a smartcard model, an attacker
> can't easily acquire your private key.
>
> _______________________________________________
> enigmail-users mailing list
> [email protected]
> To unsubscribe or make changes to your subscription click here:
> https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
>
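Added example, not part of the original message: one way to check which secret keys the host can still read after moving to a smart card is to look at field 15 of the `sec`/`ssb` records in `gpg --list-secret-keys --with-colons` output. The field meanings follow GnuPG's doc/DETAILS (`#` for a stub, a token serial number for a key on a card); the sample output, key IDs, and card serial below are constructed.

```python
# Added example, not from the thread. SAMPLE is constructed output in the
# format of `gpg --list-secret-keys --with-colons`; the key IDs and the
# card serial number are made up.
SAMPLE = """\
sec:u:2048:1:1111111111111111:1407300000:::u:::scESC:::+:
uid:u::::1407300000::0000::Constructed User <user@example.org>:
ssb:u:2048:1:2222222222222222:1407300000::::::e:::+:
sec:u:2048:1:3333333333333333:1407300000:::u:::scESC:::#:
ssb:u:2048:1:4444444444444444:1407300000::::::e:::D2760001240102000005000012340000:
"""

TOKEN_FIELD = 14  # zero-based index of "field 15" in doc/DETAILS numbering


def classify(record):
    """Return (record type, key ID, location, card serial) for sec/ssb lines."""
    fields = record.split(":")
    if fields[0] not in ("sec", "ssb"):
        return None  # uid, fpr, etc. carry no secret-key location
    token = fields[TOKEN_FIELD] if len(fields) > TOKEN_FIELD else ""
    if token == "#":
        where = "stub"   # no secret material for this key on the host
    elif token in ("", "+"):
        where = "host"   # secret key file on disk: copyable by malware
    else:
        where = "card"   # field holds the token's serial number
    return fields[0], fields[4], where, token if where == "card" else None


def audit(colon_output):
    """Classify every secret key and subkey in the listing."""
    return [r for r in map(classify, colon_output.splitlines()) if r]


def host_readable(colon_output):
    """Key IDs whose private material a compromised host could copy."""
    return [kid for _, kid, where, _ in audit(colon_output) if where == "host"]


if __name__ == "__main__":
    for kind, keyid, where, serial in audit(SAMPLE):
        print(f"{kind} {keyid}: {where}" + (f" (card {serial})" if serial else ""))
    print("readable by host:", host_readable(SAMPLE))
```

A keyring kept on a USB stick reports `host` for every key while the stick is mounted; after a move to the card only stubs and card serials should remain.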
