
Re: xz backdoor



Hi,

On Sun, 2024-03-31 at 00:40 +0500, Andrey Rakhmatullin wrote:
> On Sat, Mar 30, 2024 at 05:00:26PM +0100, Marco d'Itri wrote:
> 
> > I think that the real question is whether we should really still use
> > code-signing keys which are not stored in (some kind of) HSM.
> What are the options for random DDs for that?

Yubikeys, Nitrokeys, GNUK, OpenPGP smartcards and similar devices.
Possibly also TPM modules in computers.

These can usually be used for both OpenPGP and SSH keys.

If someone cannot afford them, I think Debian paying for them is a good
investment; Debian buying tokens for all project members would also be
nice, but logistics are probably annoying...

A compromised computer alone is then not enough to get a copy of the
private key: one would also need an exploit for the hardware token.
(A compromised computer can still give temporary access to the key when
it is in use and unlocked; some devices can require pushing a button
for signing, but of course a compromised computer could claim to sign
something different than what gets signed and just show a "wrong PIN"
message to have the user try again.)

If you believe the hardware token to have a backdoor, exploiting it
might still require physical access to the token.

Ansgar

