On December 12, 2018 10:13:58 PM AKST, Werner Koch <[email protected]> wrote:
>On Tue, 11 Dec 2018 19:27, [email protected] said:
>> using openkeychain with a yubikey nfc is totally solid, and convenient.
>> I've been using them for years. they also plug into the bottom of the
>> phones which some people prefer.
>
>You should keep in mind that you can eavesdrop on NFC communication
>within several meters. Right, it is required that the card is not more
>than about 10cm away from the reader but that is only to convey the
>power to the card, the HF is readable from several meters as soon as the
>card is powered up.
>
>If you care about side channel attacks, NFC communication is a bad idea
>because the decrypted session key can easily be picked up. To avoid
>this, /secure communication/ needs to be used but that is cumbersome
>because this requires a shared secret between host and card. But well,
>smartphones are not a safe device anyway.
>
>
>Shalom-Salam,
>
> Werner

I agree that smartphones are not safe, but I am not particularly in favor of smartcards, dongles, and security tokens like yubikeys, either. Any kind of special-purpose cryptographic *hardware* is essentially proprietary, and too attractive and soft a target for various nations' spy agencies to covertly backdoor.

"Don't look at me! I've got something to hide, and nowhere to protect it!" There's a secure phone on the President's desk, and not even the Secret Service can say it's all that "secure."

Open-source cryptographic software that runs on general purpose computer hardware is generally much more difficult to backdoor. If you plug some little doohickey or thingamajig into your computer to do *crypto*, of all things, your computer is liable to become infected with spyware over the USB bus via BadUSB and various firmware- and device-related security vulnerabilities.

-- 
A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.
https://www.colmena.biz/~justina/justina.colmena.asc
