How secure are smartcards?

J. Ottosson j-001 at
Tue Jul 26 18:07:40 CEST 2011

On 25 Jul 2011 at 20:12, Werner Koch wrote:

> For the v1 card you may want to have a look at the blog; they
> have lots of entries about different chips.  There is no specific entry
> about the v1 card iirc, but I once sent them a few cards and they told me
> it would be easy to read it out using their equipment.
> For a general overview on the grade of tamper resistance you may want to
> start at .

This subject is interesting and important, there have been deliberate attempts 
for many years to not tell the whole truth to the public about the security of 
"smart cards", be they financial type of cards or other. The public is only 
being told they are "totally secure" and also other info about the (in)security 
of associated systems are being withheld from the public or actively lied about.

Even worse though, as I recall from the time when I worked with IBM crypto 
processors like 4758 etc, a lot of the people inside the (somewhat introvert) 
banking community working with security, had no clue and actually believed that 
DESX was unbreakable and that the PIN system couldn't be tricked or broken and a 
lot of other things that were not necessarily true.

I remember reading Ross Anderson's comments on sci.crypt during the Citibank 
trials in UK with great interest and remember to this day a quote from him 
saying something about banking security people digging holes on the subject 
about PIN security - I found it insanely accurate and dead on, having my own 
experiences to compare with.

I also remember when I organized a live TEMPEST lab session with a swedish 
military hw supplier, the IT people attending didn't even know what the 
phenomenon was about..

In the late 1990' there were academic reports being classified as secret in 
Sweden, that proved a great number of smart cards to be insecure. A number of 
those were swedish military graded equipment and hence government organizations 
like FMV (Swedish Defence Materiel Administration) and MUST (Swedish Military 
Intelligence and Security Service) quickly withdraw the papers from the open 

Only a handful of people outside the military have read those papers I'm told.

Today I guess that there's nothing in those papers that the Cambridge people 
haven't covered..(?)

I think that as long as you're in possession of the card the content is safe 
from any reasonable types of threats imposed by logical access from malware etc, 
as long as there is no bugs in the on-board OS.. If however it gets stolen by 
skilled advisaries, one should regard the keys as compromised, generate 
revocation certificates and new keys. 

What constitutes skilled advisaries and the likelihood of being targeted by such 
an organization can always be discussed though.

As I understand it after having spoken to some government/military security 
people in Sweden there is no chip design on the planet that cannot be broken 

And if this isn't enough then its back to random numbers and one time pads I 
guess. But then.. when is it random enough..?

Needless to say though, we should still use smart cards, since it's better than 
the alternatives, I think.


> Shalom-Salam,
>    Werner
> -- 
> Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at

More information about the Gnupg-users mailing list