What's the state of the art on open source, auditable OpenPGP smart cards? @flamsmark @micahflee
@BRIAN_____ @flamsmark @micahflee I was referring to open source for the hardware as well as the smart card OS - or am I missing your point?
@garrettr_ @flamsmark @micahflee How do you know the hardware in your possession corresponds to the source code that was audited?
@BRIAN_____ @garrettr_ @flamsmark @micahflee You compile and load it yourself. That's what we advocate at least: https://subgraph.com/cards
@bleidl @BRIAN_____ @garrettr_ @flamsmark @micahflee Card OS backdoors? E.g. "if selected applet == OpenPGP AID, enable side-channel leaks"
@randomoracle @BRIAN_____ @garrettr_ @micahflee Yes, as I admitted last time we had this argument, malicious OS (& ASIC) is possibility
@bleidl @randomoracle @garrettr_ @micahflee Could Snowden today order a smartcard online, follow your instructions, & be confidently secure?
@BRIAN_____ @bleidl @randomoracle @micahflee Could anyone? Seems smartcards are involved in a lot of assurances, e.g. signed packages
@garrettr_ @bleidl @randomoracle @micahflee For secure comms, I think iPod touch, linked to PC over Bluetooth, may be a better starting pt.