Il 03/12/2013 15:30, Mark H. Wood ha scritto: > I wonder how feasible that really is. The system surrounding the card > is not under control of the card's manufacturer or anyone who might > have corrupted him. All it takes is one knowledgable person watching > the data stream for interesting anomalies, and you have given the game > away. The cost, as we've recently seen, could be considerable. Unless the exploit could be categorised as "bug". Like the power glitch that allows clearing fuses in some PICs (advertised as secure chips, at the time... now they're saying it's secure unless operated outside nominal values) w/o wiping the rest of the memory.
This way you'd have to use a non-standard reader to introduce a specific error. Or, maybe, a protection layer that fails if frozen before exposing it to oxygen, allowing the attacker to succesfully decap the chip before it self-erases. There are simply too many attack vectors to say the evaluation considers 'em all. It needs to stop somewhere saying "this chip is secure against these attacks" since it can't say "it's secure against any attack you could think of". And/or it places a budget limit on the attack: if it costs more than that, the attack is worthless. I've seen this tradeoff while studying openalarm, a (wannabe, still in its early stages) burglar alarm system scalable from garage to bank: as long as you can trust a producer and an installer, it's quite easy and anything will do (if you need to protect your personal mail from your nosy boss, FST-01 is more than enough). If you can't, you need exponentially more resources to be able to pinpoint the black hat, be it the producer of a node, of one of the management systems or the installer trying to slip a backdoor in. If you don't/can't trust a single smartcard manufacturer, you'd need to use at least four (if you need to be able to say who is the misbehaving one -- byzantine generals problem in case of 3 with one misbehaving agent). So, for the vast majority of uses, the solution might be non-technical: use a certified Common Criteria card and make sure to have evidence that if the key is leaked then that certification is bogus. Quite unlikely the NSA will reveal having a backdoor just to arrest *you* :) BYtE, Diego. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
