Poldi bug report: allow non-digit PIN
Werner Koch
wk at gnupg.org
Mon Aug 10 19:47:07 CEST 2009
On Sat, 8 Aug 2009 14:06, Moritz.Schulte at rub.de said:
> What does this mean for Poldi? Should Poldi _forbid_ the use of
> non-digit PINs or not? Maybe we should add a configuration option
> ("allow-non-digit-pins"?) to make it clear that using non-digit PINs
> might get you into trouble?
In GnuPG we do these checks
/* do some basic checks on the entered PIN. */
if (!all_digitsp (pininfo->pin))
errtext = _("Invalid characters in PIN");
else if (pininfo->max_digits
&& strlen (pininfo->pin) > pininfo->max_digits)
errtext = _("PIN too long");
else if (strlen (pininfo->pin) < pininfo->min_digits)
errtext = _("PIN too short");
if asking for a PIN via Pinentry. MIN_MAXDIGITS are 0/16. This is in
the generic code; the actual smartcard application code in scdaemon may
even be more restrictive.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
More information about the Gnupg-devel
mailing list