What's the state of the art on open source, auditable OpenPGP smart cards? @flamsmark @micahflee
-
-
@BRIAN_____@randomoracle@garrettr_@micahflee Fault injection is an attack under assumption that you can already decrypt anything you want -
@bleidl@BRIAN_____@garrettr_@micahflee What about fault injection during PIN check to force branch & make card accept wrong PIN? -
@randomoracle@BRIAN_____@garrettr_@micahflee Is that even a thing? Seems implausible, but I'm far from an expert on SCs and attacks -
@bleidl@randomoracle@garrettr_@micahflee It is a thing. But, theft/borrowing of smart card might be outside@garrettr_'s threat model. -
@bleidl@randomoracle@garrettr_@micahflee It'd be amazingly fun if malware could force a laptop's SC reader to execute such attacks. -
@BRIAN_____@bleidl@garrettr_@micahflee These are fully invasive attacks on hardware (eg aim laser at chip) Can't do it from card reader -
@randomoracle@bleidl@garrettr_@micahflee I agree. I was imaging some electrical attack. I already removed the laser from my SC reader. :)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.