Possible bug or opportunity for user error with admin/user password

NIIBE Yutaka gniibe at fsij.org
Thu Jan 31 08:19:25 CET 2019


BTW, I'm glad to see Gnuk on ST_DONGLE is running.  It might confuse a
border official effectively, when there is such an opportunity.  No, I
don't have any experience, though.

I know the issue in question.  I reported in 2011 to GnuPG mailing list,
and had a note:


Peter Lebbing <peter at digitalbrains.com> wrote:
> Hmmmm, even then I think it's overzealous optimization, given the
> problem at hand. You'd need one byte more in your packet buffer, but
> will CHANGE REFERENCE DATA often be the largest packet in your card
> application (and hence determine the size of your buffer)? Even if that
> were the case, they should have thought of a clever solution :-).
> I suspect they simply forgot this special case, thinking "the length is
> known", without asking themselves "to whom?".

I have same suspect.

Anyway, my "solution" is using KDF feature.  With KDF feature, the
length is fixed, so, no such problem.

I think that KDF feature is mature, now.  Having GnuPG 2.2 in Debian
backports, I can promote the use this year.  I will write a short howto.

More information about the Gnuk-users mailing list