Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]

To: debian-devel@lists.debian.org
Subject: Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]
From: Tom <tb.31123.nospam@comcast.net>
Date: Tue, 2 Dec 2003 21:54:18 -0800
Message-id: <[🔎] 20031203055418.GA2843@comcast.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20031203013405.GF1068@donarmstrong.com>
References: <[🔎] 3FCBCF99.3000907@sentinel.dk> <[🔎] E1AR6Vn-0001YY-Vx@mid.downhill.at.eu.org> <[🔎] 20031202232021.GA32333@daedalus.andrew.net.au> <[🔎] 200312031117.19034.russell@coker.com.au> <[🔎] 20031203005423.GA1132@daedalus.andrew.net.au> <[🔎] 20031203011922.GA2828@comcast.net> <[🔎] 20031203013405.GF1068@donarmstrong.com>

On Tue, Dec 02, 2003 at 05:34:05PM -0800, Don Armstrong wrote:
> On Tue, 02 Dec 2003, Tom wrote:
> > I think the DD's should seriously think about requiring smartcards.
> > It would have prevented the proxmiate cause of our recent troubles.
> 
> Smartcards are not a magical panacea either. The problems associated

No, they're not.  Security is all about layers of defense.

> with them aren't too terribly different from those associated with
> keys or other forms of physical security, notably, that they can be
> stolen, or the output from them duplicated. Refer to the ongoing saga
> between DirectTV and satelite pirates for a trivially applicable
> example.

Yes but the attacker did not "steal" the DD's computer.  He rooted it 
remotely.  It is true that a shitty smartcard which is only dumb storage 
for a private key is no better than storing your keys on an USB keyring.

Good smartcards never transfer the key off the card.  The smart card can 
be compromised itself true.  Repeat: Security is about layers of 
defense.  Multiple things have to be compromised.

> 
> From my perspective, Smartcards do little to raise the bar. They
> merely move the bar sideways.

You're wrong.  They're better.

Reply to:

Follow-Ups:
- Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]
  - From: Don Armstrong <don@donarmstrong.com>

References:
- Backport of the integer overflow in the brk system call
  - From: Frederik Dannemare <tux@sentinel.dk>
- Re: Backport of the integer overflow in the brk system call
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-lists@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Russell Coker <russell@coker.com.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Andrew Pollock <debian-devel@andrew.net.au>
- Re: Backport of the integer overflow in the brk system call
  - From: Tom <tb.31123.nospam@comcast.net>
- OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]
  - From: Don Armstrong <don@donarmstrong.com>

Prev by Date: Re: Revival of the signed debs discussion
Next by Date: Re: popularity-contest
Previous by thread: Re: OT: Smartcards and Physical Security
Next by thread: Re: OT: Smartcards and Physical Security [Was: Re: Backport of the integer overflow in the brk system call]
Index(es):
- Date
- Thread