[linux-elitists] GPG luser rant
Tue Apr 17 15:22:50 PDT 2001
On Fri, Apr 13, 2001 at 12:47:34PM -0700, Karsten M. Self wrote:
> on Fri, Apr 13, 2001 at 11:50:11AM -0700, Rick Moen (email@example.com) wrote:
> > Imagine an electronic appliance the size of a keyfob (or credit card)
> > that you carry on your person. It holds your private keys, and is just
> > smart/flexible enough to sign some set amount of text and spit it back.
> > It's not smart/flexible enough to be probed or compromised
> > electronically. What's the point? The point is that, ideally, you'd
> > never have your private keys on-line except during usage, and you would
> > do that only in highly secure circumstances including single-user mode.
> > But nobody does this; it's not practical.
> Actually, I suspect such security devices may become de rigur as current
> trusted systems such as credit cards and authentication cards are found
> to be wanting. My Palm Pilot already acts somewhat as such a device, in
> that it holds my access keys to numerous systems -- in an encrypted,
> password-protected database. While the Palm isn't the perfect
> standalone system, it's (again) a pretty reasonable proxy.
A Palm is currently better than a fob at this, since it
has an LCD and is a sophisticated enough computing device
to process multiple formats. This capability is important,
since although a featureless fob helps prevent private key
compromise, it doesn't help you avoid signing documents
provided by Malory. If your computer isn't trusted,
it could display one thing while feeding another to the
signing fob. Even a hash isn't enough, if your copy
of md5sum is backdoored to hash /home/malory/evil.txt
instead of the document you want to sign. To sign a PDF
file securely, you need a PDF viewer on a secure system.
Needless to say, most peoples' security needs will drive
them to proclaim their own systems axiomatically secure
before they will go to such inconvenient lengths.
I've never really understood the whole Cryptonomicon-style
"keep your key on a floppy" approach for similar reasons.
Anyone who compromises your computer can easily grab the
key (or your passphrase) as soon as you sign something.
If you want to ward off "file upload attacks" (aka "my
root-password-having buddy copy attacks") you're better off
using symmetric encryption on your secret keyring, or some
other technique that makes the uploaded file useless to
an attacker. I personally tend to export my secret keys,
wrap them in an extra layer of symmetric encryption with
a very strong passphrase, and stick them in our corporate
CVS to get them onto a tape backup :-).
More information about the linux-elitists