Smartcard PIN may be shorter than passphrase?

David Tomaschik david at systemoverlord.com
Tue Aug 23 15:12:49 CEST 2011


Would it be reasonable to say that you may use a significantly smaller
PIN for your smartcard than would be required of a passphrase, since
the smartcard locks itself after 3 tries?

Since I don't use a reader with a pinpad, I must type my PIN in, and
thus have about 8 alpha-numeric characters for my regular PIN.  (The
admin PIN is somewhat longer.)  Would this be considered a reasonable
length?

(Someone who can read the memory on a smart card by opening it up is
NOT in my threat model -- if they can do that, they have much easier
ways to coerce me into giving up my PIN.)

-- 
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com



More information about the Gnupg-users mailing list