Re: OpenPGP smartcard, how vulnerable is it?
On 16/08/12 10:29, gn...@lists.grepular.com wrote: It can attempt to initiate decryption/signing, but it still requires the user to enter their pin, so some sort of social engineering is also required. It could wait for you to try to decrypt/sign something, and then send some alternative data to sign/decrypt to the reader instead, but at least the user would see that something went wrong, and that would only work for one sign/decrypt operation. This is correct for signing, when using the signature force PIN flag. Unfortunately, there is no equivalent flag for encryption (or authentication), so once a user has entered the PIN, the malware can just request additional decryptions and authentications. The user probably won't notice. A LED on the reader might flash when accessing the card, but if you do those additional encryptions and authentications directly after a user-initiated action, they probably won't notice that it flashes for a little longer than normal. Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard, how vulnerable is it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 15/08/12 20:46, Alexandre Dulaunoy wrote: It's more than a theoretical attack, the Sykipot Malware is proxying access to the smartcard reader. And by so the attacker is able to use the functionality of the card without requiring to tamper the card itself. For a complete analysis of the malware: http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant_33919 I hope this helps. Obviously, if malware is in control of your machine, one of the many things it can do is talk to the smart card reader. It can't force you to enter your card though, and it can't read the keys from the card when it's inserted, and if you're using a hardware pin pad, it can't intercept your pin either. It can attempt to initiate decryption/signing, but it still requires the user to enter their pin, so some sort of social engineering is also required. It could wait for you to try to decrypt/sign something, and then send some alternative data to sign/decrypt to the reader instead, but at least the user would see that something went wrong, and that would only work for one sign/decrypt operation. So using a smartcard prevents an attacker from getting access to your keys, and severely limits the amount of decryption/signing they can do even if they completely own your machine. However, if they completely own your machine, you're probably screwed anyway. On the other hand, this is not what was originally asked. The question is, can an attacker with physical access to the card, either use it, or read the keys off it. And the answer is: With a lot of money, probably. Personally, I think that remote attacks against my system are many orders of magnitude more likely than physical attacks where an entity with lots of money steals my card and reads the keys off it. So I'm happy to put my keys on a smart card. - -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -BEGIN PGP SIGNATURE- iQGGBAEBCgBwBQJQLK99MBSAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu Z0BwZ3AuY29tcGdwbWltZTgUgAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBOTtCADF3g30Hrlh dYGg2F1f91Dd3VJJMM6yHC/DCDYs/MwmaSiAleSXghbJkaDcLRFAsXCaD4a/fKrP GptSt+fl3/G6QDtiIYoD55VqHNKm+gGafugkgfuLkgo3moEUmlMUITjqKo8NDQeo //wy1Xln/cz9w7pjrXDvYgjthK3LgyDDRSy8JyjyNn7cW5qZ+9vgam7tBHZa1n2w ZLSvKT5ROfk0Qwujnhha+SD2hc8xmlJi8GoyaWCqGVUCsLR2wB+sUzyLBdhwZAgR GcrM0DV2lZ7hUd1KWGSxH8sXCGItBLMJV5vvmhcwTQt1k69bRZhIk2EUSzEjifvw HvHyLpIJyZDX =ZkzY -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard, how vulnerable is it?
Smartcards (including the one the OpenPGP smartcard is based on) are designed to be highly resistant to tampering. While you can remove the chip, you should not be able to read the contents of the chip without the PIN. A highly sophisticated attacker MIGHT be able to get to the chip internals and read the memory directly, but at that point, you're probably talking about the intelligence agency of a major state actor. (Theoretical attack, I'm not aware of any open papers discussing it.) That being said, what is your threat model? If you do not anticipate being targeted by a state actor, I am personally convinced that a smartcard with a good pin provides more than enough security. (Take my response with a grain of salt -- I'm just a user, not a developer.) David On Wed, Aug 15, 2012 at 9:53 AM, Heinz Diehl h...@fritha.org wrote: Hi, if someone gets physical access to an openpgp smartcard, where is the weakest spot in the whole scenario then? Can the contents of the card be copied, e.g. to circumvent the limited possibilities entering the correct PIN / admin-PIN? Can the secret key be extracted to brute-force the PIN / passphrase? Reverse engineering?! What else?? Me thinking: using this smartcard and a 10-digits PIN should be more than sufficient, because the attacker has only three chances to get the PIN right, and in case of a 10 digits PIN will he/she be quite unlikely to succeed. (The passphrase itself may be a 50 chars random concatenating of numbers, letters and special chars). What am I missing? ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users -- David Tomaschik OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard, how vulnerable is it?
Hi David, On 15.08.2012, David Tomaschik wrote: [] Thanks for answering. There's no thread model so far - and I'm quite shure that I'm not a target for any security agency :-) The background for my question is simply what's in it for me if I use such a card. Will the benefits outweight the drawbacks, and what are in fact such drawbacks, if there are some? Frankly, I find it very convenient to be able to use a simple PIN for nearly all operations, and not the long and compilcated passphrase. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: OpenPGP smartcard, how vulnerable is it?
On Wed, Aug 15, 2012 at 8:20 PM, David Tomaschik da...@systemoverlord.com wrote: Smartcards (including the one the OpenPGP smartcard is based on) are designed to be highly resistant to tampering. While you can remove the chip, you should not be able to read the contents of the chip without the PIN. A highly sophisticated attacker MIGHT be able to get to the chip internals and read the memory directly, but at that point, you're probably talking about the intelligence agency of a major state actor. (Theoretical attack, I'm not aware of any open papers discussing it.) It's more than a theoretical attack, the Sykipot Malware is proxying access to the smartcard reader. And by so the attacker is able to use the functionality of the card without requiring to tamper the card itself. For a complete analysis of the malware: http://www.sans.org/reading_room/whitepapers/malicious/detailed-analysis-sykipot-smartcard-proxy-variant_33919 I hope this helps. -- -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/ -- http://www.foo.be/cgi-bin/wiki.pl/Diary -- Knowledge can create problems, it is not through ignorance --that we can solve them Isaac Asimov ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users