On 23/08/16 02:54, Karol Babioch wrote:
> P.S.: I should also mention that there is some debate about the open
> source nature of the YubiKey 4, since its firmware is not open to
> review any longer. Should this be a criterion for you, you have to
> go with another solution. You'll find details on the story at [3].

I was quite surprised by this blog post, by one small but, in my eyes, significant part of it.

A lot of the blog post seems not directly related to being able to review the source and verify that the loaded firmware binary is indeed the reviewed source, which is what would interest me most in a security device. There's a lot of talk about field-updating firmware securely and related topics, which is only tangential to the source being /available/.

But the really strange statement is this:

> In this specific context (fault injection and side-channel
> analysis), an open source strategy would provide little or no remedy
> to a serious and growing industry problem. One could say it actually
> works the other way. In fact, the attacker’s job becomes much easier
> as the code to attack is fully known and the attacker owns the
> hardware freely.

I'm with him on the first sentence. The context is broadly that when your hardware is not secure, no amount of open sourcery would protect the data the hardware holds. At least if I understood the context.

But then it gets iffy. The attacker's job becomes easier because he knows the inner workings? Alert! Alert! Security through obscurity! Prepare for battle stations!

A secure system is secure by having the knowledge of a secret key. It is not secure because most people do not know how it works; because the method is secret. This is Cryptography 101. If you want to know more, I'd say just use your favourite search engine with the phrase "security through obscurity".

I fully understand that stuff gets complicated when your hardware vendor forbids you to disclose your source code. That's a nasty problem. I'm less concerned about not meeting criteria for some certification because the source is open. Would you rather have a certification stating some party thinks you're secure, or would you rather actually be secure? I'd know. Stuff those Common Criteria ;). They're not the holy grail.

But when you say "obscurity helps security", I'm seriously starting to doubt your reasoning.

My 2 cents,

Peter.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>