On 12.03.15 20:52, Robert J. Hansen wrote:
>> My point was that you wrote multiple paragraphs worth of stories on
>> two emails from which I really got the impression that people should
>> just not bother.
> In response to someone who was thinking that storing keys on your hard
> drive was categorically unsafe, and that smart cards were categorically
> necessary, yes.

Absolutely. I agree. I think the difference of opinion here stems from how I read the reply you sent. After the first couple sentences it's not much about answering the question anymore :). The question was: Are smart cards a must? No they are not.

>>> The answer is, "it depends."
>>
>> Isn't "it depends" exactly what I said?
>
> No. You said they add security, period, and that they either
> inconvenience minutely or add convenience.

All things being equal, they do practically add security, period :). Well, you're quite right that it's impossible to say that they would add security in all situations. Maybe they could also weaken it in some. But you can use the same passphrase with or without the card. You can have your subkeys on the card or on the computer. Maybe you can fill in the rest.

I.e. all things being equal: The card can and on defaults probably will limit the amount of passphrase attempts. And then it locks. Is it absolutely secure against hacking? No. But it should be quite difficult to hack. And an important point is to only have subkeys in there that you can revoke.

> That's not an "it depends"
> answer. That's a "this is true in all times and situations" answer, and
> that's exactly wrong.

I said "depending on the user and use case". It is an it depends answer.

> They do *not* add security in all times and
> situations

I'm not making such a claim. The world is not black and white. Yes or no only. I'm not talking about some theoretical, mathematically proven statement that smart cards are more secure in every possible way. They are not.

>, and they do *not* only ever cause minute inconvenience.

I don't know how you count the 30-45 second number from before but for me it adds 1-10 seconds, maybe. Hard to estimate but it doesn't really add any inconvenience to my use. And obviously, that's quite subjective. I'm not even trying to make a point that they would be more secure all the time.

But, practically, they can be a cheap and convenient way to add security. Everyone has to evaluate their use case though. Here's an example. Is it better to store secret keys on each computer or a smart card? I use multiple different computers and think that it's more secure to have the keys on my smart card. So, more security by not having to distribute the secret keys to all those computers. I'd say that's convenient security as the secret keys come with me to whichever computer I happen to be using.

-- 
Ville
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users