Il 12/09/2013 19:07, Peter Lebbing ha scritto: > The filesystem is also still there with this USB-via-serial-port thingy. And > on > the CD. Nope. W/ Vinculum module you send it commands like "open mickey.txt" and then "read 1024". The filesystem driver is in the module and your interface only receives expected data.
You really should define your "security perimeter". Start by asking yourself how much an attacker is willing to spend to access the data you're handling. Once you have an answer to this question you can choose how much you are willing to spend to defend your data. Plain old password protecting a file is usually enough. FST-01 token could be useful to have your key easily portable and (w/ a little work) even add a button to confirm signing. Smartcards are another good alternative if you need some "certification". An HSM is much less portable but needed if you need both certification and speed. And this just to keep your keys safe. Keeping the whole system safe is a careful compromise between functionality and security. But all depends on the answer to the first question. But rubberhose cryptoanalysis is usually *way* more effective :) BYtE, Diego. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
