On Fri, 29 Jul 2011 11:58, rich...@r-selected.de said: > 100.000 as a one-time investment for breaking into an unlimited number > of OpenPGP smart cards? If I were a government, I would definitely buy
Whatever the number is, it is for each break and you have only a certain probability so successfully read out the key. That is why I wrote "unless a master key scheme is used" - something which is stupid for almost all systems. And well, you need to get your hands on the card first. > Hence, one has to assume it's safer to use encrypted harddrives for > key storage than a smartcard if one wants to protect their data from Nope. It is is easy to write a trojan to send the passphrase key back to an attacker or store it somewhere on the box (e.g. RTC chip, battery charging logic) so you can use it once you get physical control over the box. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
