Smart card fragility?
hawke at hawkesnest.net
Mon Sep 19 19:08:44 CEST 2005
Please forgive my potential lack of understanding on this topic...
It seems to me that there is a pretty big vulnerability of smart cards:
that of the Admin PIN. All a malicious card terminal would have to do
is enter an invalid Admin PIN 3 times, and you've got a somewhat
expensive and thoroughly ineffective paperweight.
The solution I see to this is, instead of treating a zeroed Admin pin
failure counter as a flag denying access to the private key, instead
treat it as a flag that tells the card to wipe all private keys. When
all keys have been wiped, and verified as such, reset the Admin PIN and
regular PIN to defaults, and reset the counters to 3. (and maybe reset
the user name and so forth)
Is there some reason that this would not work, or would create a
vulnerability? It seems to me that this would be a major benefit in
terms of cost of a card, since you could re-use cards as much as you
wanted and you wouldn't have the risk of completely destroying it,
whether through accident or malicious intent.
-Alex Mauer "hawke"
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
OpenPGP key id: 0x51192FF2 @ subkeys.pgp.net
More information about the Gnupg-devel