On 12/15/2016 04:18 PM, Andrew Gallagher wrote:
>> On 15 Dec 2016, at 19:24, Lou Wynn <lewis...@gmail.com> wrote:
>>
>> If the host machine is compromised, what's the purpose of doing encryption
>> on the SmartCard? Attackers don't need to know the key to get your plaintext,
>> because it is on the host machine.
> The difference is that if you use a smart card in a compromised host, the
> plaintext of particular messages may be compromised but the key itself
> remains secure. It also helps in the case of hardware loss or theft, because
> an encrypted drive can be brute forced, but smartcards have retry limits that
> can't be worked around short of dissecting the silicon.

I agree that a SmartCard can protect a private key, but that's a marginal benefit, because the bottom line of using a SmartCard is the same as that of using an encrypted USB drive, which is:
Do not use it in an untrusted or compromised host environment.

If you stick to the bottom line, then there is no point in emphasizing the difference. The difference only comes in when you violate the bottom line and want to use it in an untrusted or compromised host and "wish" that you could get security. In this case, a SmartCard can prevent your key from being read. However, I would suggest that anyone who uses a SmartCard not do it at all, because using it in such an environment cannot give you security: either signature or encryption.

I'd like to say more about "brute force", since you seem to misunderstand the basic threat model of modern cryptography, whose design goal is only to allow brute force attacks. However, it's computationally infeasible in practice to guess the correct key by using brute force. A successful cryptographic design is one where there is no systematic way to break it unless an opponent can enumerate over the key space. A SmartCard is not immune to this. A brute force attack doesn't need to read the card; it simply enumerates keys in the key space used by the SmartCard. What you said--limiting the number of reads on the card--is not a measure against brute force. It is a measure to prevent reading secret materials.

-- 
Thanks,
Lou

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
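The three situations argued over in this thread (online PIN guessing against a card with a retry counter, offline guessing against key material stored in a PIN-protected file, and a compromised host that has a card inserted) can be made concrete with a small simulation. The code below is an added example written for this page; it is not from either poster, not GnuPG's or any card vendor's code, and models no real card protocol. The class and function names, the PIN, the key bytes, the salt and the deliberately low KDF iteration count are all constructed for the example; HMAC stands in for a signature.

```python
"""Toy model of the threat models debated above (standard library only).

- SmartCard: holds a key it never exports, unlocks with a PIN, and locks
  after max_tries wrong guesses.
- encrypt_key_file / offline_brute_force: the same key wrapped under the
  same PIN on a drive, where nothing limits the number of guesses.
- compromised_host_session: malware on the host that sees the PIN and can
  use the card while it is inserted, but never obtains the key.
All names, values and constructions are hypothetical, built for this example.
"""
import hashlib
import hmac

# Constructed sample material: a 4-digit PIN and a 256-bit signing key.
PIN = "7271"
KEY = bytes.fromhex(
    "7f0e1d2c3b4a59687766554433221100ffeeddccbbaa99887766554433221100")
SALT = b"constructed-salt"
KDF_ITERS = 100  # deliberately low so the offline attack runs in well under a second


class CardLocked(Exception):
    """Raised once the retry counter is exhausted."""


class SmartCard:
    """Exposes verify_pin() and sign(); no method ever returns the key."""

    def __init__(self, key: bytes, pin: str, max_tries: int = 3) -> None:
        self._key = key                  # never leaves the object
        self._pin = pin
        self._max_tries = max_tries
        self.tries_left = max_tries
        self.unlocked = False

    def verify_pin(self, guess: str) -> bool:
        if self.tries_left == 0:
            raise CardLocked("retry counter exhausted")
        if hmac.compare_digest(guess.encode(), self._pin.encode()):
            self.unlocked = True
            self.tries_left = self._max_tries   # counter resets on success
            return True
        self.tries_left -= 1
        return False

    def sign(self, message: bytes) -> bytes:
        """HMAC stands in for a signature; only available while unlocked."""
        if not self.unlocked:
            raise PermissionError("card not unlocked")
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def remove(self) -> None:
        self.unlocked = False            # pulling the card ends the session


def all_pins():
    """Enumerate the whole 4-digit PIN space in order."""
    return ("%04d" % i for i in range(10000))


def brute_force_pin(card: SmartCard):
    """Online guessing against the card; stops when the counter locks it."""
    for attempts, guess in enumerate(all_pins(), start=1):
        try:
            if card.verify_pin(guess):
                return ("found", guess, attempts)
        except CardLocked:
            return ("locked", None, attempts - 1)
    return ("exhausted", None, 10000)


def encrypt_key_file(key: bytes, pin: str) -> bytes:
    """Key on a drive, wrapped under a PIN-derived key (toy construction)."""
    kek = hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, KDF_ITERS, 32)
    ct = bytes(a ^ b for a, b in zip(key, kek))
    tag = hmac.new(kek, ct, hashlib.sha256).digest()
    return ct + tag


def offline_brute_force(blob: bytes):
    """A file has no retry counter: every PIN can be tried offline."""
    ct, tag = blob[:32], blob[32:]
    for attempts, guess in enumerate(all_pins(), start=1):
        kek = hashlib.pbkdf2_hmac("sha256", guess.encode(), SALT, KDF_ITERS, 32)
        if hmac.compare_digest(hmac.new(kek, ct, hashlib.sha256).digest(), tag):
            return (guess, bytes(a ^ b for a, b in zip(ct, kek)), attempts)
    return (None, None, 10000)


def compromised_host_session(card: SmartCard, pin: str, attacker_messages):
    """Host malware captures the typed PIN and signs its own messages while
    the card is present; afterwards it holds signatures, not the key."""
    card.verify_pin(pin)                          # the user unlocks the card
    sigs = [card.sign(m) for m in attacker_messages]
    card.remove()
    try:
        card.sign(b"after removal")
        usable_after_removal = True
    except PermissionError:
        usable_after_removal = False
    return {"signatures": sigs, "usable_after_removal": usable_after_removal}


if __name__ == "__main__":
    print("online guessing:", brute_force_pin(SmartCard(KEY, PIN)))
    print("offline guessing:", offline_brute_force(encrypt_key_file(KEY, PIN))[::2])
    print("compromised host:",
          compromised_host_session(SmartCard(KEY, PIN), PIN, [b"attacker msg"]))
```

Run stand-alone, the script shows the card locking after three wrong guesses, the file-wrapped key being recovered by enumerating PINs, and the compromised host obtaining signatures over its own messages while the card is inserted but nothing usable once it is removed. The offline loop walks the PIN space, not the key space: with a real key length the same loop over keys would be infeasible, which is the distinction both posters draw in different words.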