Smartcard PIN may be shorter than passphrase?
David Tomaschik
david at systemoverlord.com
Tue Aug 23 18:43:20 CEST 2011
On Tue, Aug 23, 2011 at 9:56 AM, Werner Koch <wk at gnupg.org> wrote:
> On Tue, 23 Aug 2011 15:12, david at systemoverlord.com said:
>> Would it be reasonable to say that you may use a significantly smaller
>> PIN for your smartcard than would be required of a passphrase, since
>> the smartcard locks itself after 3 tries?
>
> Yes. It is up to 6 tries because an attacker may also try to open the
> card using the admin PIN.

So even a 4-digit PIN would ensure a less than 1% chance of guessing
the PIN. (Assuming that the user does not select obvious PINs like
birthdates, anniversaries, etc.) At 8 digits, the probability becomes
something like 6*10^-8, if I do the basic math correctly. Seems
pretty secure.

>> Since I don't use a reader with a pinpad, I must type my PIN in, and
>> thus have about 8 alpha-numeric characters for my regular PIN. (The
>
> Better use only digits - if you need to use a keypad you can't do that
> instantly.
>
>
> Shalom-Salam,
>
> Werner

Thanks Werner!

David
--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com