<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">If the tor process is going to use the
key, at some point the unencrypted key has to be visible to the
machine running it. You would in any case have to trust the
machine hosting the tor node. A more secure setup would be to run
the tor node inside an encrypted VM and use your
smartcard/dongle/whatever to unlock the VM.<br>
<br>
On 10/17/2015 12:00 PM, Razvan Dragomirescu wrote:<br>
</div>
<blockquote
cite="mid:CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@mail.gmail.com"
type="cite">
<div dir="ltr">Tamper resistance. And the fact that an attacker
with access to the machine running Tor can read your encrypted
thumb drive (you need to decrypt it at some point to load the
key into the Tor process since the encrypted thumbdrive doesn't
run crypto algos internally). A smartcard is a small embedded
tamper-resistant _computer_ - you never ask it for the key, you
ask it to _decrypt_ something for you or _sign_ something for
you, you can never extract the key out of the card.
<div><br>
</div>
<div>Razvan</div>
<div><br>
</div>
<div>--</div>
<div>Razvan Dragomirescu</div>
<div>Chief Technology Officer</div>
<div>Cayenne Graphics SRL</div>
<div><br>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Oct 17, 2015 at 9:36 PM, Ken
Keys <span dir="ltr">&lt;<a moz-do-not-send="true"
href="mailto:kenkeys@comcast.net" target="_blank">kenkeys@comcast.net</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">What is
the advantage of a smart card over a standard encrypted
thumb drive?<br>
<br>
</blockquote>
</div>
</div>
</blockquote>
<br>
</body>
</html>