Poldi bug report: allow non-digit PIN
Lionel Elie Mamane
lionel at mamane.lu
Tue Aug 18 15:02:00 CEST 2009
On Mon, Aug 10, 2009 at 07:47:07PM +0200, Werner Koch wrote:
> On Sat, 8 Aug 2009 14:06, Moritz.Schulte at rub.de said:
>> What does this mean for Poldi? Should Poldi _forbid_ the use of
>> non-digit PINs or not? Maybe we should add a configuration option
>> ("allow-non-digit-pins"?) to make it clear that using non-digit PINs
>> might get you into trouble?
> In GnuPG we do these checks
> /* do some basic checks on the entered PIN. */
> if (!all_digitsp (pininfo->pin))
> errtext = _("Invalid characters in PIN");
> else if (pininfo->max_digits
> && strlen (pininfo->pin) > pininfo->max_digits)
> errtext = _("PIN too long");
> else if (strlen (pininfo->pin) < pininfo->min_digits)
> errtext = _("PIN too short");
> if asking for a PIN via Pinentry. MIN_MAXDIGITS are 0/16. This is in
> the generic code; the actual smartcard application code in scdaemon may
> even be more restrictive.
I use a non-digit PIN for SSH authentication (so gpg-agent /
scdaemon), and it works. So it would seem that scdaemon is much less
restrictive.
lionelm at harif:~$ scdaemon --version
scdaemon (GnuPG) 2.0.11
libgcrypt 1.4.4
libksba 1.0.6
It is possible that it is a Debian-specific patch that allows me
that, not sure.
--
Lionel
More information about the Gnupg-devel
mailing list