
Re: [tor-dev] adding smartcard support to Tor



Hello again,

I wanted to revisit this subject and actually start writing some code, but it looks like Ivan Markin's GitHub account is gone, together with all the code there. Ivan, are your modifications to OnionBalance still available anywhere?

Thank you,
Razvan

--
Razvan Dragomirescu
Chief Technology Officer
Cayenne Graphics SRL

On Tue, Oct 20, 2015 at 10:05 PM, Ivan Markin <twim@xxxxxxxxxx> wrote:
grarpamp:
> Yes if you intend to patch tor to use a smartcard as a
> cryptographic coprocessor offloading anything of interest
> that needs signed / encrypted / decrypted to it. The card
> will need to remain plugged in for tor to function.

As I said before, the only thing that actually needs to be protected here is
the "main"/"frontend" .onion identity. For that purpose all you need to do
is to sign descriptors. And not to lose the key.

grarpamp:
> However how is "pin" on swissbit enabled?
> If it goes from the host (say via ssh or keyboard or some
> device or app) through usb port through armory to swissbit,
> that is never secure.

No, it will be secure. An adversary could sniff your PIN and sign
whatever they want to, true. But revealing the PIN != revealing the key.
In this case your identity key is still safe even if your PIN is
"compromised".

--
Ivan Markin


_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

