OpenPGP card specification 2.0 improvement?
squalyl at gmail.com
Fri May 13 09:52:30 CEST 2011
This is true. Additionnaly, the C4 tag only gives the *maximum* length for
each pin, not the exact length.
the data in CHANGE REF DATA should be LV coded, with one byte giving the pin
00 24 00 8X XX <actual pin length> <actual pin> <new pin length> <new pin>
as an alternative, we could have a GET DATA tag with the actual pin lengths.
On Fri, May 13, 2011 at 8:47 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> While using Gnuk USB Token, I found an issue of changing password.
> I changed PW1, but I mistakenly put original PW1 as "12345678" while
> correct one was "123456". Since the prefix is same, password change
> succeeded, adding "78" at the beginning for new PW1. I noticed this
> after I failed to be authenticated by new PW1, and saw debug log.
> In the specification, section 7.2.3 CHANGE REFERENCE DATA says:
> The length of the existing password is known in the card, so that
> neither a delimiter nor padding for filling up fixed formats is
> This is problem. I think delimiter is needed so that it can detect
> wrong input for the existing password.
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel