Feature request for future OpenPGP card: force PIN
Werner Koch
wk at gnupg.org
Sat Feb 9 14:32:45 CET 2013
On Fri, 8 Feb 2013 15:18, peter at digitalbrains.com said:
> I have an SCM SPR 532 reader with pinpad; I thought the host could not get at
> the PIN when entered on the pinpad? The way I understood it, the host sends a
That is right. However, if for other reasons the PIN is known to the
host (used without pinpad, spyware utilizing the microphone or another
side channel, bugged reader firmware), the host will be able to use the
smartcard without you noticing it. See the various attacks on point of
sale terminals for such attacks.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list