[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Razvan Dragomirescu <razvan.dragomirescu@xxxxxxx>
Date: Tue, 20 Oct 2015 23:21:22 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Oct 2015 16:21:35 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=veri_fi.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=cXgD0bD/yVnNhm83ZB0McPW3S/fzOZWI+Pc1L0qU+CE=; b=g6I8uDyUs6QBNV9S0eHBBufcSgGAct+zCJu/dpx6p7r+v2DxYfJiW20gX9oNrFPfUe r9pJqnvMPMx7PnbFadDpmtwfnulVRb7FWDRKBTWiEOLIKi8pfxb6yZUF6BZ8lubkSZgB MjpnBmdHWpJEbU5Nv0KWlqAkOWGKY+w0AmV8t8rkUXW2dOFs9y8LSo64Mu/oOjyA+haJ YQitiSYUVH0ML/L1Xf8E2s3GqwcEuLERXpZ36WnMPHlBmU5BtDRrhEb7i+SeJznJ5pTi i1YkXWA2NXdzuYLY078Hvo8aYiMEYWtpa/gql8kUG9QgcBMPKx34JOKyZoVDaAlPJH8B Wr7Q==
In-reply-to: <CAD2Ti2-6P7OHQ1WdpwetsC=oQoAQfbquxu27w5Lmx2wSswe=QQ@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx> <5622954B.7000706@xxxxxxxxxxx> <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx> <56229EC9.2090704@xxxxxxxxxxx> <5622A116.3050003@xxxxxxxxxx> <5622A675.4000703@xxxxxxxxxxx> <5622B250.4030503@xxxxxxxxxx> <CAFnyNAeK0zAaetcd-pLBFZ_Y68ao-tu9NJwMg9mN4jtc_z1V2w@xxxxxxxxxxxxxx> <CAD2Ti28OKNz9jU6a4aKxyzKyJCR3SyeWzRwW9Y20N+fKZZkLsg@xxxxxxxxxxxxxx> <CAD2Ti2-PmEoDBksFXwwueCeuafJ=gq29Rq9YXn+m9=QcpPQGnA@xxxxxxxxxxxxxx> <56269067.3020502@xxxxxxxxxx> <CAD2Ti2-6P7OHQ1WdpwetsC=oQoAQfbquxu27w5Lmx2wSswe=QQ@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

Yes, that's precisely the point - if the card is stolen, the service is stolen with it. I'm not trying to prevent that, I'm trying to _tie_ the service to the card - whoever has the card runs the service. If you see that the card is gone, you know your service is gone too. If the card is still there, your service keys are safe.Â

Razvan

On Tue, Oct 20, 2015 at 10:59 PM, grarpamp <grarpamp@xxxxxxxxx> wrote:

On Tue, Oct 20, 2015 at 3:05 PM, Ivan Markin <twim@xxxxxxxxxx> wrote:
> No, I will be secure. An adversary could sniff your PIN and sign
> whatever they want to, true. But revealing the PIN != revealing the key.
> In this case your identity key is still safe even if your PIN is
> "compromised".

Yes the private key may be safe, but the smartcard may be stolen or
removed from your sphere of access and reutilized with the sniffed
pin, thus your onion or relay or node is no longer under your control,
which was the point of the project. The enablement of the smartcard
needs to be out of band, or use some strong one way challenge
response like pki/totp/hotp/skey/opie.

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: grarpamp
- Re: [tor-dev] adding smartcard support to Tor
  - From: grarpamp
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: grarpamp

Prev by Author: Re: [tor-dev] adding smartcard support to Tor
Next by Author: Re: [tor-dev] ResearchEthics
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread