Smart card fragility?

Joe Smith unknown_kev_cat at hotmail.com
Tue Sep 20 22:43:10 CEST 2005


----- Original Message ----- 
From: "Alex Mauer" <hawke at hawkesnest.net>
Newsgroups: gmane.comp.encryption.gpg.devel
Sent: Monday, September 19, 2005 1:08 PM
Subject: Smart card fragility?


> Please forgive my potential lack of understanding on this topic...
>
> It seems to me that there is a pretty big vulnerability of smart cards:
> that of the Admin PIN.  All a malicious card terminal would have to do
> is enter an invalid Admin PIN 3 times, and you've got a somewhat
> expensive and thoroughly ineffective paperweight.
>
This is one of the reasons I don't yet have one of these.
Cost, location, and the current linux smart card hell are some others.

Key loss should not be too critical. A wise person would not gerneate keys 
on the card at all, but generate them on a known secure, non-internet 
connected machine, (as root, onto a ramdrive). They would upload them to the 
cards, but keep a backup, on optical medium in some safe place like perhaps 
a bank safety deposit box.





More information about the Gnupg-devel mailing list