Erich Titl wrote: > Which implies that you send cleartext to the device and get cyphertext back. So the easiest way to tamper the message is to intercept it at > the smartcard driver level :-) and modify it on the fly. If someone is smart enough to fetch the key contents from memory while it is being used by > the crypto software, he is smart enough to intercept the cleartext message.
The issue is not whether someone can see your messages, the issue is whether I can steal your private key! > This device at least protects its contents against tampering, and does not yield the key without authentication. And this authentication is done > on the device itself. Most USB devices now require password before allow to access... And if you put your private key encrypted on such device, it is more or less the same security level. If you like to upgrade your security, you should buy a device that implements smartcard... And replace your memory card. Best Regards, Alon Bar-Lev.
