-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I'm thinking about the following scenario: There is a smartcard with subkeys for encryption, signing and authentication. The secret primary key is stored encrypted (eg. a truecrypt container) and only used on an airgapped, offline machine when signing other peoples keys or changing the expiration date of the subkeys. Assuming the truecrypt container uses a really strong password (so bruteforcing is not an option), is there a need for a strong admin PIN and a strong passphrase? I'm thinking about a threat model for this and the attacker's options (BIOS/UEFI backdoor or someone just 'looking over your shoulder'). In any case there seems to be no really benefit of using extraordinary strong admin pin because there are only three tries before the card get rendered unusable. The passphrase is only used in the secure environment. So if the attacker can find out the truecrypt password he probably can capture the passphrase and/or admin PIN too. Am I missing something?
dk -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJWW4SMAAoJEA7irlPqaBCOLcQP/izvG02yXN7F/zrnLq2QxbuJ 8+tcahDR/ixxt23T6GhZlpG8M0ztGi5HYtloYvzU3Xp+sGpULsJeif3eFfZ7qpT+ eNVmh0hSUs2tI14pvziuCUzr2c8c6svm55TPMMfIuupD7OyZc0Xwz+8xN5UrXz8X JtSztX9f3yesYUEAnimL072eKWetyjUVayhzVF0ZKw7DGxQZGErC+yKIHc/J1eWB SdSWO7SZpMQpXKd/u2EFkvpN+w8wm8Kbwh+CBPJqIHezqRZTEaoDh5S2H3a17UWT BxFQllL6U9/o0twXZUOt/D+FTsknj7XjMnpbXMwwTjkymvItNbmcTHmhz6kArpzS +Dvw6Nd5o+gC8RQdabGvOHl4OLJGJEQPZh3rON0yVuzZtqL/7fMjjZqSe0Nh+DV9 fKe00PQ/YUcUiDqyabBhJaKZeGDxfJFsqU3MOcX4qoKZaCSfRqaZnWKHuOhfunfk n6c3MqFgXVIRY7r2hX0VZpEdQNV0+UaofnbsG7hg/+tnAIV8r/tvld68jpeh+i4d 73J5LLrQejPMsoBEdA1MjD7eycMyyolWEzxr+OfU5COFM69HNAdrkd2zBChFcVmm pF/bBngmXAzpnfRTgwIW3glvrBuyYJxX0fehZqXcOuvFjMANvV+Zesmva+k8pPry WM+JoPPVDf5cV80UEg43 =IIug -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
