Smart Card Physical Best Practices?
Lists.gnupg at mephisto.fastmail.net
Lists.gnupg at mephisto.fastmail.net
Tue Mar 1 15:06:11 CET 2011
On Sat, Feb 26, 2011 at 09:40:07PM -0500 Also sprach David Tomaschik:
>
>I've recently received my smart card, but was wondering what the "best
>practices" are, mainly from a physical standpoint. When I use it in
>my laptop reader, it sticks about 2" out of the side, and I have some
>concern about this (i.e., getting damaged by being pushed into
>something, etc.). I am using the Authentication key on it for SSH,
>and the normal signing & encryption operations, so I suppose I need it
>when sending signed email and signing into a system. Do most people
>leave it in the computer most of the time, or just insert it as
>needed? This brings to mind: how many insertion cycles can these
>cards handle? Looking online, various smart cards are rated anywhere
>from 10,000 to 250,000 insertions. (At 10,000, as few as 10
>insertions per day would net a 3 year lifetime.)
>
If you are concerned with the insertion-limited lifetime, and with other
possible kinds of damage to the smart card itself, perhaps you should
consider getting one of the versions with the SIM removal option.
Pop the chip out of the card and put it inside one of those USB tokens
that take them. Then the SIM itself is always (at least partially)
protected inside a casing, and the insertion problem is offloaded onto
the USB mechanism (which is more expendable). If the USB token fails
eventually, take the SIM out and put it in a new one; you may have been
using it for years by then, but your effective insertion count is 2.
As an added bonus, you may use your OpenPGP card on any computer with a
USB port, without needing a separate card reader available.
--
"Le hasard favorise l'esprit préparé."
--Louis Pasteur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 670 bytes
Desc: not available
URL: </pipermail/attachments/20110301/c2a3e5c1/attachment.pgp>
More information about the Gnupg-users
mailing list