What's the state of the art on open source, auditable OpenPGP smart cards? @flamsmark @micahflee
-
-
@BRIAN_____@bleidl@randomoracle@micahflee Could anyone? Seems smartcards are involved in a lot of assurances, e.g. signed packages -
@garrettr_@bleidl@randomoracle@micahflee For secure comms, I think ipod touch, linked to PC over Bluetooth, may be a better starting pt.
End of conversation
New conversation -
-
-
@BRIAN_____@randomoracle@garrettr_@micahflee I can't say for sure, obviously. What attacks are you considering? -
@BRIAN_____@randomoracle@garrettr_@micahflee I think one way to reason about this is to design hypothetical backdoors in RSA primitives -
@bleidl@randomoracle@garrettr_@micahflee Also fault injections and other attacks that let you get the private key w/ physical possession. -
@BRIAN_____@randomoracle@garrettr_@micahflee Fault injection is an attack under assumption that you can already decrypt anything you want -
@bleidl@BRIAN_____@garrettr_@micahflee What about fault injection during PIN check to force branch & make card accept wrong PIN? -
@randomoracle@BRIAN_____@garrettr_@micahflee Is that even a thing? Seems implausible, but I'm far from an expert on SCs and attacks -
@bleidl@randomoracle@garrettr_@micahflee It is a thing. But, theft/borrowing of smart card might be outside@garrettr_'s threat model. -
@bleidl@randomoracle@garrettr_@micahflee It'd be amazingly fun if malware could force a laptop's SC reader to execute such attacks. - 2 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.