sivmu <si...@web.de> writes:

> it seems using those specific devices actually decreases
> security, assuming it is easy to manipulate specialised vendors of
> security hardware compared to manipulating electronic hardware in general.

Exactly, that's my point. This is the reason why my approach of Gnuk and NeuG tries to avoid specialized things. I even avoid using a crypto accelerator, which (many) experts say is mandatory. I think that an approach using commodity hardware makes sense. My theory is that if it's simple and cheap enough, the difficulty of putting in a backdoor would increase. I don't know if this is true, but I considered that the opposite must be likely: with enough silicon space and enough complexity in the design, attackers can do something more.

> With nitrokey, both the hardware design and the software is open source
> and both have been audited.

Is it audited? I didn't know that. For me, an audit by an expert (or two) is not enough. It should be possible by anyone, or at least by any user who purchases it. It's sad for me that Nitrokey is not easy to open physically. I mean, opening the device to examine the board.

> But I don't think that will keep some people from intercepting
> deliveries of such devices or mess with the production.

I don't know about the former; it depends on the country. For the latter, it is a real concern for me now. I make the hardware design as simple as possible so that inspection by the human eye can be effective against replacing/adding a chip. The difficult part (for me) is to assure initial firmware flashing in a factory. In (most) factory environments, proprietary operating systems dominate. I'm not sure if this is the weakest link, but this could be a weaker point. When an attacker replaces the firmware to be written, it affects all devices to be shipped.

Perhaps it would be good if an MCU had a feature of reporting the hash of the content of its flash memory (even if the flash is protected and it is not possible to read out its content). Then an end user could examine the hash code.

I think that the better current practice is: purchase commodity hardware and flash at the user side.
--
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
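The check the message wishes for (an MCU that reports a digest of its read-protected flash, which the user compares against the firmware image they built themselves) can be sketched in Python. This is an added example, not code from the thread, from Gnuk/NeuG or from any real MCU: `SimulatedMcu`, its methods, `FLASH_SIZE` and the firmware bytes are all hypothetical stand-ins. The one non-obvious detail it shows is that a device hashing its whole flash also hashes the erased tail, so the host must pad its image to the flash size before hashing or the digests will never agree.

```python
import hashlib

# Hypothetical MCU parameters for this example (not a real Gnuk/NeuG target).
FLASH_SIZE = 128 * 1024   # bytes of on-chip flash
ERASED_BYTE = 0xFF        # value of erased flash cells


def pad_to_flash(image: bytes, flash_size: int = FLASH_SIZE) -> bytes:
    """Extend a firmware image to the full flash size with erased-cell bytes.

    A device that hashes its entire flash covers the unused tail as well, so
    the host has to hash exactly the same bytes to obtain a comparable digest.
    """
    if len(image) > flash_size:
        raise ValueError("image larger than flash")
    return image + bytes([ERASED_BYTE]) * (flash_size - len(image))


def expected_flash_hash(image: bytes, flash_size: int = FLASH_SIZE) -> str:
    """Digest the user expects a genuine device to report for this image."""
    return hashlib.sha256(pad_to_flash(image, flash_size)).hexdigest()


class SimulatedMcu:
    """Stand-in (assumption, not a real part) for an MCU whose flash can be
    read-protected but which can still report a digest of its contents."""

    def __init__(self, flash_size: int = FLASH_SIZE) -> None:
        self._flash = bytearray([ERASED_BYTE]) * flash_size
        self.read_protected = False

    @property
    def flash_size(self) -> int:
        return len(self._flash)

    def program(self, image: bytes) -> None:
        """Write an image at offset 0, as a factory (or the user) would."""
        self._flash[:] = pad_to_flash(image, self.flash_size)

    def enable_read_protection(self) -> None:
        self.read_protected = True

    def read_flash(self) -> bytes:
        """Raw readout: refused once protection is on, like real MCUs."""
        if self.read_protected:
            raise PermissionError("flash readout disabled")
        return bytes(self._flash)

    def report_flash_hash(self) -> str:
        """Digest of the entire flash, available even when readout is blocked."""
        return hashlib.sha256(bytes(self._flash)).hexdigest()


def verify_device(mcu: SimulatedMcu, known_good_image: bytes) -> bool:
    """Compare the device's self-reported digest with the digest of the
    firmware the user built or downloaded. True means the flash contents
    match byte for byte, assuming the reporting path itself is honest."""
    return mcu.report_flash_hash() == expected_flash_hash(known_good_image, mcu.flash_size)


def demo() -> dict:
    """Constructed scenario: one genuine device and one whose firmware was
    swapped before shipping. Returns the verdicts for both, plus whether a
    naive hash of the bare image would have matched the device's report."""
    firmware = b"EXAMPLE-FIRMWARE-IMAGE\x00" * 64   # constructed stand-in image

    genuine = SimulatedMcu()
    genuine.program(firmware)
    genuine.enable_read_protection()

    tampered = SimulatedMcu()
    altered = bytearray(firmware)
    altered[10] ^= 0x01                            # single-bit change in the image
    tampered.program(bytes(altered))
    tampered.enable_read_protection()

    return {
        "genuine_ok": verify_device(genuine, firmware),
        "tampered_ok": verify_device(tampered, firmware),
        "naive_hash_matches": hashlib.sha256(firmware).hexdigest()
        == genuine.report_flash_hash(),
    }


if __name__ == "__main__":
    print(demo())
```

The comparison only tells the user that the flash holds the bytes they expect; it says nothing about whether the code that computes and reports the digest is itself genuine, which is why the message treats flashing on the user's own side as the better current practice.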