On 2/6/13 4:28 AM, Peter Lebbing wrote: > Can you explain (broadly) how one would compromise the signature/the device > that > you sign with?
Happily! I have an OpenPGP smartcard and an SCM card reader. I installed it under Fedora 16 and it worked beautifully. Under Fedora 17 it's broken. After a few rounds of unfruitful debugging I gave Werner an account on an F17 box with this hardware plugged in, and even then we were unable to figure out what was wrong. So, since this device clearly doesn't work under F17 (or F18, now, for that matter), I've elected to stop using it in favor of using my desktop PC. Just makes sense. Damned thing doesn't work. -- And that is _exactly_ the attack I would use against any dongle you plug into a compromised PC in order to make signatures safely. If I've compromised the system, all I need to do is make the dongle not work properly. After a few rounds of frustrating debugging and discovering the thing just doesn't work, you'll revert back to using your compromised PC. You'll do it for the exact same reason that I stopped using my smartcard reader: "damned thing doesn't work." *Even if your dongle works exactly as intended*, I can -- by simulating a hardware failure -- drive you into a fallback where you use a compromised machine. Under the most generous assumption possible about your dongle ("it works perfectly and exactly as intended"), your dongle still doesn't work. And that, to me, is the definition of bogus. If under the most generous assumptions possible something still doesn't work, then that thing is bogus. Anyone who objects to this on the grounds of "well, that's a human exploit, not a technological one!" will get a cream pie thrown at them. *Of course* I'm going to exploit you-the-human. You're the crunchiest part of the system... _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users