@bleidl @randomoracle @garrettr_ @micahflee Could Snowden today order a smartcard online, follow your instructions, & be confidently secure?
-
-
Replying to @BRIAN_____
@BRIAN_____@randomoracle@garrettr_@micahflee I can't say for sure, obviously. What attacks are you considering?1 reply 0 retweets 0 likes -
Replying to @bleidl
@BRIAN_____@randomoracle@garrettr_@micahflee I think one way to reason about this is to design hypothetical backdoors in RSA primitives3 replies 0 retweets 0 likes -
Replying to @bleidl
@bleidl@randomoracle@garrettr_@micahflee Also fault injections and other attacks that let you get the private key w/ physical possession.1 reply 0 retweets 1 like -
Replying to @BRIAN_____
@BRIAN_____@randomoracle@garrettr_@micahflee Fault injection is an attack under assumption that you can already decrypt anything you want2 replies 0 retweets 0 likes -
Replying to @bleidl
@bleidl@BRIAN_____@garrettr_@micahflee What about fault injection during PIN check to force branch & make card accept wrong PIN?2 replies 0 retweets 2 likes -
Replying to @randomoracle
@randomoracle@BRIAN_____@garrettr_@micahflee Is that even a thing? Seems implausible, but I'm far from an expert on SCs and attacks2 replies 0 retweets 0 likes -
Replying to @bleidl
@bleidl@randomoracle@garrettr_@micahflee It is a thing. But, theft/borrowing of smart card might be outside@garrettr_'s threat model.1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
@bleidl@randomoracle@garrettr_@micahflee It'd be amazingly fun if malware could force a laptop's SC reader to execute such attacks.1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
@BRIAN_____@bleidl@garrettr_@micahflee These are fully invasive attacks on hardware (eg aim laser at chip) Can't do it from card reader1 reply 0 retweets 0 likes
@randomoracle @bleidl @garrettr_ @micahflee I agree. I was imaging some electrical attack. I already removed the laser from my SC reader. :)
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.