On 12/15/2016 08:35 PM, sivmu wrote:
From what I understand, a malicious token can e.g. perform encryption operations with weak randomness to create some kind of backdoor that is hard to detect.
The token is normally not used to perform any *encryption*. You encrypt with the public key of your correspondant, which is stored on your computer, not on your token (there's no need to protect it since it is a *public* key). You use your token to *decrypt* messages that were sent to you--and at that time, even if the token is malicious there's nothing it can do to mess with the encryption.
What a malicious (or faulty) token *could* do is generate a weak key, that your opponent could break once and for all and then use to decrypt all messages sent to you. Smartcards generating weak keys have already been observed in the wild [1]. If you worry about that, simply generate your keys on a computer you trust, then load them onto the token, without ever using the token's own random number generator.
Maybe there is also a way to secretly send the secret keys loaded onto the smartcard/token to the adversary using the PC and network it is used on.
I'll admit readily that I am not an expert on this, but I don't see how that could be feasible without the help of the host PC--meaning your opponent would have to both (1) compromise your PC and (2) send you a malicious token. But if he could compromise your PC, he would have no need for a malicious token.
I guess your attacker could use a USB token as the mean to compromise your PC (names like "Bad USB" come to mind), but if you worry about such attacks, you should be wary of *any* USB device you buy (keyboards, mice, mass storage sticks... or even desktop missile launchers), not only cryptographic devices.
Damien [1] https://eprint.iacr.org/2013/599
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
