[tor-dev] adding smartcard support to Tor

grarpamp grarpamp at gmail.com
Tue Oct 20 17:02:19 UTC 2015


You mentione...

> I have Tor running on the USBArmory by InversePath (
> http://inversepath.com/usbarmory.html ) and have a microSD form factor card
> made by Swissbit (
> www.swissbit.com/products/security-products/overwiev/security-products-overview/
> ) up and running on it.

Good that USBarmory could provide even tor binaries
over a usb mass storage fs for the host to run.
Or even run the tor process and network itself as you say.

However how is "pin" on swissbit enabled?
If it goes from the host (say via ssh or keyboard or some
device or app) through usb port through armory to swissbit,
that is never secure.
If it goes from external pad through GPIO on armory
to swissbit, that will not be secure if host can in
any way snoop on armory, or can use or modify code
on the armory to do that and report the armory core / bus
data back to the host.
If swissbit card itself had external I/O for "pin" ops,
that would be secure.


More information about the tor-dev mailing list