[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Investigation Report after Server Compromises

On Wed, Dec 10, 2003 at 11:35:12AM -0500, Mike Mueller wrote:
> On Monday 08 December 2003 18:20, Colin Watson wrote:
> > You can go further by requiring physical presentation
> > of smartcards or similar in order to use the key, which is less
> > convenient but makes a passphrase more or less useless on its own.
> 
> Aren't smartcards similar to dongles in some respects?  They both have
> a guard point in the software that identifies good guys and bad guys.
> If so, then given that dongles are reverser bait, won't smartcards
> meet the same fate as dongles?  They'll become a wall trophy over the
> mantle of a reverser. It seems that anyone capable of a stack overflow
> exploit is also capable of reversing out a smartcard checkpoint.
> Please tell me I'm being too negative.

If you're doing this halfway properly, you don't do the communication
with the smartcard in host-side software; you do it in firmware running
on separate and physically protected hardware. Since that hardware is
the same hardware that stores the key and allows/denies access to it,
altering things on the host isn't going to help you get at the key.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
Reply to: