On 15/08/12 20:46, Alexandre Dulaunoy wrote:
> It's more than a theoretical attack, the Sykipot Malware is
> proxying access to the smartcard reader. And by so the attacker is
> able to use the functionality of the card without requiring to
> tamper the card itself.
>
> For a complete analysis of the malware:
>
> http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant_33919
>
> I hope this helps.

Obviously, if malware is in control of your machine, one of the many things it can do is talk to the smart card reader. It can't force you to enter your card though, and it can't read the keys from the card when it's inserted, and if you're using a hardware pin pad, it can't intercept your pin either. It can attempt to initiate decryption/signing, but it still requires the user to enter their pin, so some sort of social engineering is also required.

It could wait for you to try to decrypt/sign something, and then send some alternative data to sign/decrypt to the reader instead, but at least the user would see that something went wrong, and that would only work for one sign/decrypt operation.

So using a smartcard prevents an attacker from getting access to your keys, and severely limits the amount of decryption/signing they can do even if they completely own your machine. However, if they completely own your machine, you're probably screwed anyway.

On the other hand, this is not what was originally asked. The question is, can an attacker with physical access to the card, either use it, or read the keys off it. And the answer is: With a lot of money, probably.

Personally, I think that remote attacks against my system are many orders of magnitude more likely than physical attacks where an entity with lots of money steals my card and reads the keys off it. So I'm happy to put my keys on a smart card.

--
Mike Cardwell  https://grepular.com/  http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users