24.08.2013 23:14, Jan (takethe...@gmx.de) worte: It seems quite easy to advice people to have an offline windows PC with gpg4win on it and all their private stuff and a windows(?) online PC next to it. They could transfer encrypted messages with an USB stick from one PC to the other. I think this is a vector for an attacker, but how serious is this problem?
25.08.2013 06:04, Robert J. Hansen wrote: Very serious. USB tokens are great tools for propagating malware. Compromise the box that's connected to the net, and as soon as someone plugs a flash drive into it, compromise the flash drive. Bring it over to the new computer, plug in there, and bang, you've spanned the air gap. This is not a new attack: it's been known about for many years and has been demonstrated in real-world environments.
Imagine an intact offline PC without "auto play" enabled for USB drives. Now an USB drive is plugged in with an encrypted file on it. The file is decrypted with gnupg and turns out to be a jpg file. Let's assume it contains maleware. Even in this case, the offline PC is not infected yet(?). Next we would want to view the jpg picture using a secure small tool which is so simple that it does not evoke the maleware contained in the file. If there is such a tool the offline PC is still intact. No information or private key could secretly be copied on an USB drive which we plug in the offline PC. Thus no such information could be transfered to the online PC, no matter how infected the online PC is. The point is perhaps to only view files of simple formats on the offline PC, like(?) jpg files. Word files seem too dangerous for me for example, since they can contain scripts. Are my thoughts correct?
The simple file formats I'm thinking of are plain text, jpg, RTF, a simple spread sheetformat (which?), pdf, mp3. Are there any secure tools for those types? Jasper den Ouden (22.08.2013 20:22) asked for a "pdf tool for extra security" in a similar context.
It also might be a good idea to have a program which checks whether the considered file is for instance a "normal" jpg file according to the jpg definition. If it is not we could avoid loading it in a jpg tool. Are there such programs under linux?
25.08.2013 10:28, Pete Stephenson wrote: The easiest and least-expensive solution to this situation is using smartcards: http://g10code.com/p-card.html -- the private key is kept securely on the smartcard.
My problem with smartcards is that they protect the private key but not the sensitive data I'm keeping on my offline PC, since once in a while I need to decrypt it in order to work with it. Nevertheless an attacker would certainly first try to steel the private key out of the offline PC, so smatcards are a good additional defense.
Best regards, Jan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
