NdK: > Il 24/12/2013 02:41, adrelanos ha scritto: > >> Adversary capabilities: >> - Can physically steal the smartcard. >> - Capable of dismantling a smartcard to extract the key its holing. >> [Maybe not now, but maybe in a few years the tool required to so so will >> be available. Only making up the scenario here.] >> - Not capable of breaking gpg's key encryption/password protection. >> - Not capable of rubber-hose cryptanalysis. >> - Not capable of installing a miniature camera and/or hardware keylogger. > You're saying that he can lockpick your security door but can't break > the glass of the window nearby...
Well, let's go through it. >> - Can physically steal the smartcard. A one time robbery or thief doesn't require that much skill. A hacker conference where one steals a smartcard from a cardrader shouldn't be that unrealistic? >> - Capable of dismantling a smartcard to extract the key its holing. >> [Maybe not now, but maybe in a few years the tool required to so so will >> be available. Only making up the scenario here.] This is the only thing I am asking to grant me here for the sake of discussion. >> - Not capable of breaking gpg's key encryption/password protection. Being capable of that would be kinda big news? Either a huge breakthrough in cracking cryptography or weakness in gpg. So not assuming it isn't that much of a failure? >> - Not capable of rubber-hose cryptanalysis. That kind of capability in my opinion requires much more criminal energy and logistics than a robbery. >> - Not capable of installing a miniature camera and/or hardware keylogger. That kind of capability in my opinion requires much more criminal energy and logistics than a robbery. > You're saying that he can lockpick your security door but can't break > the glass of the window nearby... I don't understand how you get to that conclusion. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
