OpenPGP smartcard, how vulnerable is it?

David Tomaschik david at systemoverlord.com
Wed Aug 15 20:20:29 CEST 2012


Smartcards (including the one the OpenPGP smartcard is based on) are
designed to be highly resistant to tampering.  While you can remove
the chip, you should not be able to read the contents of the chip
without the PIN.  A highly sophisticated attacker MIGHT be able to get
to the chip internals and read the memory directly, but at that point,
you're probably talking about the intelligence agency of a major state
actor.  (Theoretical attack, I'm not aware of any open papers
discussing it.)  That being said, what is your threat model?  If you
do not anticipate being targeted by a state actor, I am personally
convinced that a smartcard with a good pin provides more than enough
security.

(Take my response with a grain of salt -- I'm just a user, not a developer.)

David


On Wed, Aug 15, 2012 at 9:53 AM, Heinz Diehl <htd at fritha.org> wrote:
> Hi,
>
> if someone gets physical access to an openpgp smartcard, where is
> the weakest spot in the whole scenario then? Can the contents of the card
> be copied, e.g. to circumvent the limited possibilities entering
> the correct PIN / admin-PIN? Can the secret key be extracted to
> brute-force the PIN / passphrase? Reverse engineering?! What else??
>
> Me thinking: using this smartcard and a 10-digits PIN should be more
> than sufficient, because the attacker has only three chances to get
> the PIN right, and in case of a 10 digits PIN will he/she be quite
> unlikely to succeed. (The passphrase itself may be a 50 chars random
> concatenating of numbers, letters and special chars).
>
> What am I missing?
>
>
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com



More information about the Gnupg-users mailing list