Does the recent news about vulnerability of usb devices to attacks such as described in 'badusb' [*] mean that the usb reader into which the gnupg smart card is inserted is also vulnerable to exploits ?
Sure. But the *kind* of exploits are different.
If not, what is the essential difference that would make a usb memory stick compromisable but not the usb smart card reader ?
Not only did I already answer this, but you included it in your email (as a quote).
"Smart cards work by storing the key in a method where it cannot be read by the host computer. Once a key is moved to the smart card, it ceases to exist as anything other than a black box. Data can be sent to the smart card to be decrypted or signed, but the host computer has literally no access to the cryptographic key stored on the smart card. In a USB model, an attacker who can compromise your box can easily acquire your private key: wait for you to plug in the USB dongle and make a covert copy of your keyring. In a smartcard model, an attacker can't easily acquire your private key." _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
