> The attack you describe is significantly more complex and more
> visible than the attack the original poster outlined.

Right: that's because the original poster outlined an attack which was, in my opinion, naive. If Eve can read arbitrary memory locations on your desktop PC without your knowledge, then Eve's got root access. At that point you need to start thinking like a clever person with root access.

The alternative is to say, "well, assume Eve's got some exotic side channel that only allows her a limited ability to monitor..." Okay, great: what's the side channel? Defending against a side channel that you don't know exists is pretty suboptimal, too, since you can always imagine another hypothetical side channel.

> Yes, in the long run, if you can't trust your endpoint, you can be
> compromised.

This isn't about not trusting the endpoint: this is about a security system built on the assumption the endpoint is already compromised. There is no "in the long run" here. If your endpoint is compromised and you're using it to do crypto operations, you're living in sin.

Smartcards exist to keep private keys safe(r) from being stolen. They do a pretty good job of that. But when we expect smartcards to be able to somehow make a compromised environment safe to operate in, then we've crossed the line and turned them into magic crypto fairy dust.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users