> I am a smartcard programmer. Sure an OpenPGP card is just a standard
> smartcard with special elementary files in its filesystem. Could I
> make my own OpenPGP card from a common smartcard given I know its
> administrative codes?
Yup, that's what the "Open" in "OpenPGP Smartcard" means :) I'm n
On Mon, 21 Aug 2006 20:11, [EMAIL PROTECTED] said:
> if the secret key was generated before the fix of the
> * quick-check * problem of PGP symmetric encryption,
> http://eprint.iacr.org/2005/033
It has always beed solid practise to avoid oracles thus this problem
is not very real.
Shalom-Sala
>Date: Sat, 19 Aug 2006 21:17:58 -0400
>From: David Shaw <[EMAIL PROTECTED]>
>Subject: Re: Don't store your key on a flash drive! [was Re: GnuPG
> (GPG) Problem]
[...]
>> there's nothing inherently dumb about putting a private key on a
>USB
&
On Mon, 21 Aug 2006 14:27, Alphax said:
> - Smartcards are largely experimental and don't have the instant
> usability of a USB stick
About 800 million users of cell phones probably don't share your
opinion that GSM cards are only experimental.
Shalom-Salam,
Werner
___
Alphax wrote:
> I don't use a flash drive or a smartcard, for the following reasons:
... and in a follow-up to my own follow-up, apparently Rainbow got
bought out by SafeNet. The iKey is still available and the specs
haven't changed from the last I used them some years ago. They're handy
little
Alphax wrote
> - Flash drives are too prone to failures at bizzare moments
> - Smartcards are largely experimental and don't have the instant
> usability of a USB stick
A few years ago Rainbow Technologies came out with a device they called
the iKey. Smartcard with a USB connector, about the same
Robert J. Hansen wrote:
> Janusz A. Urbanowicz wrote:
>> You can't read a private key from the smartcard, but you can read it
>> from the flashdrive. SC is a crypto processor + storage, flashdrive
>> only storage.
>
> All of which is true. However, the bit to which I was replying was:
>
> "A sm
Janusz A. Urbanowicz wrote:
> You can't read a private key from the smartcard, but you can read it
> from the flashdrive. SC is a crypto processor + storage, flashdrive
> only storage.
All of which is true. However, the bit to which I was replying was:
"A smartcard is very convenient as far as
On Sun, Aug 20, 2006 at 09:18:13AM -0500, Robert J. Hansen wrote:
> Ismael Valladolid Torres wrote:
> > A smartcard is very convenient as far as it's a multi application
> > device, so you can store much other info apart from GnuPG keys,
> > i.e. Mozilla passwords or such.
>
> ... I'm sorry, I'm s
Ismael Valladolid Torres wrote:
> A smartcard is very convenient as far as it's a multi application
> device, so you can store much other info apart from GnuPG keys,
> i.e. Mozilla passwords or such.
... I'm sorry, I'm scratching my head over here trying to figure out how
a flash drive doesn't als
Robert J. Hansen escribe:
> Speaking for myself, I have doubts about the long-term security of
> RSA/1024. I much prefer RSA/2048 instead. Thus, the OpenPGP card fails
> to meet my own security policy... whereas storing a copy of my private
> key on my USB dongle, with a high-security passphrase,
Jonathan Rockway escribe:
> I would recommend that you don't do that. What if you lose the drive?
> Then your private key is compromised. Do you have a revocation
> certificate in a safe location? If not, you can't even tell anyone that
> your private key has been compromised! Not good!
Sure!
On Sat, Aug 19, 2006 at 02:37:28PM -0500, Robert J. Hansen wrote:
> > The OpenPGP smartcard is a much safer option, since it will not give
> > up the private key (even if you have the password), and will lock
> > itself after 3 incorrect password attempts. (And after 3 incorrect
> > Admin PIN at
Jonathan Rockway wrote:
> I would recommend that you don't do that. What if you lose the
> drive? Then your private key is compromised.
Let's not use the word 'compromised'. Let's call it 'loss of control'.
If I leave my wallet on my desktop for an hour while I go to a meeting,
are my credit c
I would recommend that you don't do that. What if you lose the drive?
Then your private key is compromised. Do you have a revocation
certificate in a safe location? If not, you can't even tell anyone that
your private key has been compromised! Not good!
The OpenPGP smartcard is a much safer o
15 matches
Mail list logo
