Thanks for all the very kind and helpful responses!

Responding to Timothy's humor, I am in fact VERY pro-U.S. Government.
More than I can reveal in this forum.  But with that said, sometimes
mistakes are made and sometimes policies and I do not agree.  One thing
I can reveal, as it's general knowledge, is that my wife is active duty
United States military.

Two ideas to address part of what Peter said:

> If you don't trust the key-generation mechanism within your smartcard
> you should not use smartcards at all. If there were smartcards out
> there that generate keys based on their serial number then those
> smartcards will also have undocumented commands by which the NSA can
> read your private key out of your smartcard. Such a card would be
> absolutely useless. The only purpose of a smartcard is to protect your
> private key and ensure that this key can be used only WITHIN the card.

It's about level of effort.  Agreed, NSA can come read the private key
out of my smartcard using JTAG, electron microscopes, or whatever.  But
at least they have to "come and get it".  It *might* leak a serial
number in a seemingly random IV or something, but let's eliminate
whatever insecurities we can by not adopting an NSA-sponsored key!

There is no absolute security when it comes to the NSA.  Remember United
States v. Scarfo, where the judge ruled that the keylogging mechanism
was too secret to reveal to the defense team?  What could be THAT
secret?  I suggest it's that the U.S. government does more than
smartcard firmware--they also do keyboards!  Probably without the
keyboard manufacturer's knowledge; controller chips are simply imported
from Mongolia or wherever with the backdoor already built-in.  I suspect
that more than 90% of new keyboards offer this feature.

So if you're like me, you use an old AT keyboard from the Reagan years
with a new connector or suitable adapter, with tamper seals on the
exterior.

I can't avoid being a target, but I don't have to be a convenient one.

> Of course you can ask your smartcard to create a couple of keys and
> compare them. Please let us know if you own a smartcard that "generates"
> the same key over and over.

That's not how I would design the backdoor.  It would be sufficient to
reduce the entropy from, say, 2000 bits to perhaps 64 or even fewer.  Too 
many to search for collisions, but too few to be secure against real 
spooks.

Recalling that RSA was invented 35 years ago, and there are multiple
indications that NSA mathematicians have been 20 years ahead of the
public, plus some personal history in discrete mathematics, it seems 
plausible to me that MD5, SHA-1, and RSA to 4096 bits are all well 
within their ability to reverse.

> How about using the OpenPGP card. If you don't trust closed source
> firmware then this card may be the right choice.

I have considered this card, and I love its price.  It seems to me that
the underlying Basicard firmware is closed source though, and the card
has a few limits which could be a concern.  A solution which doesn't
require a reader would be more personally convenient.  I don't see any
evidence of recent revisions to this card by the G10 people, which raises
suspicions they might not continue supporting it.  In fact, I'm not even
sure it's a viable business for them; even at a roughly tenfold markup
from the $2 Basicard they begin with, there simply aren't enough geeks
with the time to send them a $20 order.  Had the economics been
different, I would consider being a distributor (as they are looking for
a U.S. one) or a competitor.

To each of you, thank you again very much!

Marc
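
The reduced-entropy point in the message above, as an added example that is not part of the original post: a toy generator (hypothetical, not any real card's firmware) derives each key from a seed of limited entropy, and the script checks whether generating a batch of keys and comparing them would reveal the weakness. The function names and the SHA-256 derivation are assumptions made for illustration.

```python
import hashlib
import math
import random


def toy_keygen(rng, entropy_bits):
    """Hypothetical weakened generator: the whole key is derived from a
    seed carrying only `entropy_bits` bits, however long the key looks."""
    seed = rng.getrandbits(entropy_bits)
    return hashlib.sha256(seed.to_bytes(32, "big")).hexdigest()


def count_duplicates(entropy_bits, samples, rng_seed=1):
    """Generate `samples` keys and count how many repeat an earlier one."""
    rng = random.Random(rng_seed)  # fixed seed so the run is repeatable
    seen, dupes = set(), 0
    for _ in range(samples):
        key = toy_keygen(rng, entropy_bits)
        if key in seen:
            dupes += 1
        seen.add(key)
    return dupes


def keys_for_collision(entropy_bits, probability=0.5):
    """Birthday bound: number of keys that must be generated before a
    repeat is seen with the given probability."""
    return math.sqrt(2 * 2**entropy_bits * math.log(1 / (1 - probability)))


if __name__ == "__main__":
    # Constructed experiment: 2000 keys per entropy level.
    print("bits  duplicates_in_2000  keys_for_50%_chance_of_repeat")
    for bits in (16, 32, 64):
        dupes = count_duplicates(bits, 2000)
        print(f"{bits:4d}  {dupes:18d}  {keys_for_collision(bits):.3g}")
```

At 64 bits of effective entropy the duplicate test needs on the order of 2^32 generated keys before a repeat becomes likely, so a handful of on-card key generations cannot distinguish such a generator from a sound one.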