
Re: SSL for debian.org/security?



The whole card setup would be less than 50 Euros, that does not seem at all
like a "significant amount of money".

You can get a card for 14€ and a USB reader for 18€
http://www.g10code.com/p-card.html

The cards have two modes with which they work with keys:

* generate the key on the card, export the public key
* import a secret key generated elsewhere

Having the key generated on the card is the most secure, since those cards are
designed so you can't read the secret key off of the card.  So the cost of
putting a new certificate on the card is only someone's time for generating
and uploading a new key to it.

.hc

On 11/12/2013 04:34 AM, Pedro Worcel wrote:
> Also, what is to prevent someone interfering with the creation of the
> certificate that will be embedded in the device (or poor pseudo-random
> while generating it, etc.), and what would be the cost of replacing the
> certificate inside the device once/if compromised?
> 
> 
> 2013/11/12 Andreas Kuckartz <a.kuckartz@ping.de>
> 
>> Hans-Christoph Steiner:
>>> The crypto smartcard (aka Hardware Security Module) are some work to set up,
>>> but not really all that much.  And they are easy to use once set up.  And they
>>> provide a huge boost in the security of the certificate.
>>
>> Such hardware also costs a significant amount of money. Are there better
>> ways to spend money to improve the security ?
>>
>> Cheers,
>> Andreas
> 
> 
