I'll concede the first point: some minority of people won't get it even if we make it simpler. As to the second one: even with a password manager, the security of that still depends on choosing and guarding a complex password to secure the password store. It's passwords all the way down.

>> With a smart card they can keep their secret keys in
>> one place, as opposed to creating multiple points of
>> potential compromise.
>
> Is there not still potential compromise each time you use it, such as
> the possibility of malware substituting the message?

Certainly; if your system is compromised by malware it could substitute the message, store session keys, or keylog your PIN for that matter. If your system is compromised, all bets are off. The difference is that with your keys on a smart card, at least such a breach won't compromise your secret key material. And you can prevent further unauthorized use by simply removing the card; this is not possible if the attacker has stolen your keyring and passphrase.

Without smart cards, if I want to use GnuPG on my laptop, my iPhone and my Nexus 7, I have to put my secret key on each of those devices and enter my passphrase into each of those devices. This dramatically increases the surface area available for an attack on my secret keys.

> How secure is the NFC communication? Could a situation be contrived
> where the person next to you in a crowd managed to get you to sign a
> message on their device instead of your own?

In practice, you have to more or less touch the card to the device you're using it with; an attacker would have to generate an RF field that overpowers the one generated by the device. But yes: with specialized equipment and close proximity, an attacker could theoretically modify data or eavesdrop. [1]

It's a tradeoff: in exchange for better security for my secret key material, I'm exposing myself to a threat from a determined, active attacker that's able to get specialized gear into the same room as me while I'm using my card. For some minority of people, that may be a reasonable concern; for most people, it really isn't.

Also, there's nothing preventing us from better securing the NFC channel in a future card specification; in particular, NFC's resistance to man in the middle attacks makes it easy to establish a shared secret to secure the channel, as proposed in a 2010 standard. [2]

[1]: http://events.iaik.tugraz.at/RFIDSec06/Program/papers/002%20-%20Security%20in%20NFC.pdf
[2]: http://www.ecma-international.org/publications/files/ECMA-ST/ECMA-386.pdf

--
Joey Castillo
www.joeycastillo.com