OpenPGP Smartcard Advantages

Alex L. Mauer hawke at hawkesnest.net
Fri Jun 3 19:40:18 CEST 2005


Jan Niehusmann wrote:

> I wondered if the card couldn't just erase itself completely when the
> wrong Admin-PIN is entered three times. This would at least save the
> card itself, which is worth some euros. But OTOH, just locking the card
> is probably easier to implement in a safe way (it's an atomic operation
> which can't be aborted by just turning off power, for example).

That's a good idea.  I think you could implement it safely, by making
the card treat the "locked" status (zeroed PIN retry counter?) as a flag
that it should erase itself.  Then, when it had erased itself and
verified the erasure it could reset the PIN retry counter (and possibly
reset the admin PIN to default).

That way, even if you abort it by turning off power, as soon as you
apply power again the card either resumes or restarts the erasure
process (depending on which is the best combination of speed and security).

It seems to me that this is just as good as becoming permanently locked
from a security standpoint, and better from a convenience standpoint
(if you forget/lose/corrupt the admin PIN, all you have to do is enter
it wrong three times.)  And in the case of a malicious host, you're
better off in that you don't have to shell out for another card.

--
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
gpg/gpg key id: 51192FF2 @ subkeys.pgp.net
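
The scheme proposed in this message, sketched as an added example (not part of the original post and not any real card's firmware): the zeroed retry counter doubles as the erase-pending flag, and resetting it is the last write, so a power cut at any earlier point makes the card restart erasure at the next power-on. All names, the `budget` parameter that simulates power loss, and the default PIN value are assumptions made for this sketch.

```c
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16
#define MAX_TRIES 3
#define DEFAULT_ADMIN_PIN "12345678"   /* constructed default for this sketch */

/* Simulated non-volatile memory: everything here survives a power cut. */
struct card_nvm {
    uint8_t tries_left;                /* 0 doubles as the "erase pending" flag */
    uint8_t key[KEY_LEN];              /* secret key material */
    char    admin_pin[9];
};

/* Run at power-on and after every command. `budget` is the number of byte
 * writes that complete before power is cut (simulation only). Returns 1 if
 * the card is usable, 0 if it is still flagged for erasure. */
int card_service(struct card_nvm *c, int budget)
{
    if (c->tries_left != 0)
        return 1;                          /* not flagged, nothing to do */
    for (int i = 0; i < KEY_LEN; i++) {    /* always restart from the top */
        if (budget-- <= 0)
            return 0;                      /* power lost, flag still set */
        c->key[i] = 0;
    }
    for (int i = 0; i < KEY_LEN; i++)      /* verify erasure before unlocking */
        if (c->key[i] != 0)
            return 0;
    strcpy(c->admin_pin, DEFAULT_ADMIN_PIN);
    c->tries_left = MAX_TRIES;             /* last write: clears the flag */
    return 1;
}

/* Admin PIN check. The counter is decremented before the comparison so that
 * cutting power during the check cannot win a free guess. A real card would
 * also compare in constant time; strcmp keeps the sketch short. */
int card_verify_admin(struct card_nvm *c, const char *pin)
{
    if (c->tries_left == 0)
        return 0;                          /* flagged: refuse every command */
    c->tries_left--;
    if (strcmp(pin, c->admin_pin) != 0)
        return 0;                          /* at 0, card_service erases next */
    c->tries_left = MAX_TRIES;
    return 1;
}
```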