What's the state of the art on open source, auditable OpenPGP smart cards? @flamsmark @micahflee
Replying to @garrettr_
@garrettr_ @flamsmark @micahflee How would you verify that the smart card is executing the audited code, and not some other code?
Replying to @BRIAN_____
@BRIAN_____ @garrettr_ @flamsmark @micahflee You compile and load it yourself. That's what we advocate at least: https://subgraph.com/cards
Replying to @bleidl
@bleidl @BRIAN_____ @garrettr_ @flamsmark @micahflee Card OS backdoors? e.g. "if selected applet == OpenPGP AID, enable side-channel leaks"
Replying to @randomoracle
@randomoracle @BRIAN_____ @garrettr_ @micahflee Yes, as I admitted last time we had this argument, malicious OS (& ASIC) is possibility
Replying to @bleidl
@bleidl @randomoracle @garrettr_ @micahflee Could Snowden today order a smartcard online, follow your instructions, & be confidently secure?
Replying to @BRIAN_____
@BRIAN_____ @bleidl @randomoracle @micahflee Could anyone? Seems smartcards are involved in a lot of assurances, e.g. signed packages
@garrettr_ @bleidl @randomoracle @micahflee For secure comms, I think ipod touch, linked to PC over Bluetooth, may be a better starting pt.