Re: Debian Investigation Report after Server Compromises
On Wed, Dec 10, 2003 at 11:35:12AM -0500, Mike Mueller wrote:
> On Monday 08 December 2003 18:20, Colin Watson wrote:
> > You can go further by requiring physical presentation
> > of smartcards or similar in order to use the key, which is less
> > convenient but makes a passphrase more or less useless on its own.
> Aren't smartcards similar to dongles in some respects? They both have
> a guard point in the software that identifies good guys and bad guys.
> If so, then given that dongles are reverser bait, won't smartcards
> meet the same fate as dongles? They'll become a wall trophy over the
> mantle of a reverser. It seems that anyone capable of a stack overflow
> exploit is also capable of reversing out a smartcard checkpoint.
> Please tell me I'm being too negative.
If you're doing this halfway properly, you don't do the communication
with the smartcard in host-side software; you do it in firmware running
on separate and physically protected hardware. Since that hardware is
the same hardware that stores the key and allows/denies access to it,
altering things on the host isn't going to help you get at the key.
Colin Watson [email@example.com]