Possible bug or opportunity for user error with admin/user password
NIIBE Yutaka
gniibe at fsij.org
Thu Jan 31 08:19:25 CET 2019
Hello,
BTW, I'm glad to see Gnuk on ST_DONGLE is running. It might confuse a
border official effectively, when there is such an opportunity. No, I
don't have any experience, though.
I know the issue in question. I reported in 2011 to GnuPG mailing list,
and had a note:
https://www.gniibe.org/log/bugreport/gnupg/openpgp-card-spec-2.0-chenge-reference-data.html
Peter Lebbing <peter at digitalbrains.com> wrote:
> Hmmmm, even then I think it's overzealous optimization, given the
> problem at hand. You'd need one byte more in your packet buffer, but
> will CHANGE REFERENCE DATA often be the largest packet in your card
> application (and hence determine the size of your buffer)? Even if that
> were the case, they should have thought of a clever solution :-).
>
> I suspect they simply forgot this special case, thinking "the length is
> known", without asking themselves "to whom?".
I have same suspect.
Anyway, my "solution" is using KDF feature. With KDF feature, the
length is fixed, so, no such problem.
I think that KDF feature is mature, now. Having GnuPG 2.2 in Debian
backports, I can promote the use this year. I will write a short howto.
--
More information about the Gnuk-users
mailing list