-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Hi Philip,
> Does the recent news about vulnerability of usb devices to attacks such as > described in 'badusb' [http://srlabs.de/badusb/] mean that the usb reader > into which the gnupg smart card is inserted is also vulnerable to > exploits? Yes. ANY USB device. Personally, I don't use a USB based smart card reader ;-) > If not, what is the essential difference that would make a usb memory > stick compromisable but not the usb smart card reader ? No. The principle difference remains, even for USB based SmartCard readers: even if you hack the (USB based) SmartCard reader, you still are not able to get hold of the secret stored within your private key since this key is even generated in the card, it literally only exists within that card and is only accessible (in terms of being used to compute something) through the card OS commands. Olav - -- The Enigmail Project - OpenPGP Email Security For Mozilla Applications -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Dies ist eine elektronische Signatur - http://www.enigmail.net/ iQGcBAEBAwAGBQJT45LpAAoJEKGX32tq4e9WET8L/Rxr5JtPbLdF6yhBZmRzJoTz bA/MfKyvK4Uccgq9BEu1Bce60T//SE0uQsLtaRo2qCNOLolUkVOl6630ujTLH+9s TAwFH8UShi3WP6dRgndE9GBS3w6rmygDK2DPkLpUMUBslTyCJtfvz92egR3cScVZ 0NTW2rHSf4pZxieK2KWXLAbq4+epnn7xbvTAFqbUVVQEuwk4BklcSoXYMXksihs9 RQfn1dnXviwLLxPh2S1GiYH/jsAYwjXaHA478tZgnLA/ThmrZm0yH3QpjChew/fu peC4vf2vHCVf64+NslAWLgdRTe42OgIdHEivTXYztYhhRgURx0h5khZ1uR8mB4V3 nbNEZoFJhY/4JuRIo3iJEQoIEJzFIPXayUaESQmFVhebETh12BIblXXCPakEu/B4 Q/nLbMHgEkUPysHOOv7XGetYIvonuu8puSmg9L9OFVQqHUIRAVyBZsyW5X+w0Vzq SFz1Z0xAD7QX4I3TAo0HZDscCN+iL9mLL8/AjhPExw== =Da2t -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
