Smart card fragility?
Joe Smith
unknown_kev_cat at hotmail.com
Tue Sep 20 22:43:10 CEST 2005
----- Original Message -----
From: "Alex Mauer" <hawke at hawkesnest.net>
Newsgroups: gmane.comp.encryption.gpg.devel
Sent: Monday, September 19, 2005 1:08 PM
Subject: Smart card fragility?
> Please forgive my potential lack of understanding on this topic...
>
> It seems to me that there is a pretty big vulnerability of smart cards:
> that of the Admin PIN. All a malicious card terminal would have to do
> is enter an invalid Admin PIN 3 times, and you've got a somewhat
> expensive and thoroughly ineffective paperweight.
>
This is one of the reasons I don't yet have one of these.
Cost, location, and the current linux smart card hell are some others.
Key loss should not be too critical. A wise person would not gerneate keys
on the card at all, but generate them on a known secure, non-internet
connected machine, (as root, onto a ramdrive). They would upload them to the
cards, but keep a backup, on optical medium in some safe place like perhaps
a bank safety deposit box.
More information about the Gnupg-devel
mailing list