making (future) OpenPGP cards without PIN pad safer
mailinglisten at hauke-laging.de
Wed Nov 21 18:46:36 CET 2012
I am not familiar with smardcard hardware especially not with the way how the
passwords are checked on the smartcards. From this naive perspective this just
came to my mind:
I have a card reader with PIN pad but there are several card readers without
one. I never liked the idea of connecting a smartcard to an unsafe system but
I understand the cost argument.
The card already has additional storage for private use (if I have understood
the documentation correctly). The idea: Wouldn't it be rather easily possible
to allow the use of the card by
a) either the real password (like today)
b) or one of several one-time passwords (TANs) which you can load into the
card by supplying the real password (or the admin password)?
This reduce the risk of using the card with systems of unknown security a lot
(without increasing the cost of the card).
PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (seit 2012-11-04)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 572 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users