Re: Re: pgp passphrase

[Cedric Blancher <blancher () cartel-securite fr>]

Le mar 23/03/2004 à 23:15, Sam Sharpe a écrit :
> I figured I needed a new watch, so i might as well get one that was
> useful. I realise that this doesn't provide the security of a
> smartcard, however a USB flash key is a damn sight cheaper. (except
> when it's built into a watch)

Just to justify smart cards prices...

Problem with external storage is that stored credentials remain
accessible just as they were on local HDD the time they're connected to
the system. This means someone/a worm can steal both passphrase and
private key when the time you use them.

A smart card (a real one) stores your key _and_ provides crypto
operations that need it once it's unlocked using passphrase/PIN. And
there's no way for the system to extract keys[1].


BTW, having its keys on a removable medium is a good idea anyway, for it
limits the time they're accessible from the system.


[1] unless keys are flaged extractible (bad idea)

-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> > Hi! I'm your friendly neighbourhood signature virus.
> > Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html