OpenPGP card specification 2.0 improvement?
gniibe at fsij.org
Fri May 13 08:47:23 CEST 2011
While using Gnuk USB Token, I found an issue of changing password.
I changed PW1, but I mistakenly put original PW1 as "12345678" while
correct one was "123456". Since the prefix is same, password change
succeeded, adding "78" at the beginning for new PW1. I noticed this
after I failed to be authenticated by new PW1, and saw debug log.
In the specification, section 7.2.3 CHANGE REFERENCE DATA says:
The length of the existing password is known in the card, so that
neither a delimiter nor padding for filling up fixed formats is
This is problem. I think delimiter is needed so that it can detect
wrong input for the existing password.
More information about the Gnupg-devel