[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

On Wed, Dec 03, 2003 at 01:03:16AM -0800, Don Armstrong wrote:
> [NB: I wanted to take this OT discussion off d-d@ldo and into private
> mail, but your e-mail address was munged in some sort of anti-spam
> measure, and not trivially un-mungeable. Please consider providing
> information on how to demunge it in some X- header, or not using
> munging at all.]

Heh.  That's my actual email address.  Fooled ya.

> Well, the DD can't log in without the smart card, so that's clearly a
> prerequisite.

You leave it unplugged until you need it, do your thing, then unplug it.

Sure, I could still infect your toolchain so you unwittingly upload 
trojaned stuff.  But the fact is in this *actual* compromise the 
password was stolen and the hacker worked later at his leisure:
smartcards would have prevented this *actual* incident (but of course 
doesn't prohibit other ways of attack).

If something could have prevented something that actually happened, I 
say go for it.

Reply to: