making (future) OpenPGP cards without PIN pad safer

Hauke Laging mailinglisten at
Wed Nov 21 18:46:36 CET 2012


I am not familiar with smartcard hardware, especially not with the way the 
passwords are checked on the smartcards. From this naive perspective this just 
came to my mind:

I have a card reader with PIN pad but there are several card readers without 
one. I never liked the idea of connecting a smartcard to an unsafe system but 
I understand the cost argument.

The card already has additional storage for private use (if I have understood 
the documentation correctly). The idea: Wouldn't it be rather easily possible 
to allow the use of the card by

a) either the real password (like today) 

b) or one of several one-time passwords (TANs) which you can load into the 
card by supplying the real password (or the admin password)?

This reduces the risk of using the card with systems of unknown security a lot 
(without increasing the cost of the card).

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
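
A minimal model of the PIN-or-TAN check proposed in the message above, added here as an illustration; it is not part of the original post and does not describe any OpenPGP card firmware. The shared retry counter, the SHA-256 storage of secrets and all names (`CardModel`, `load_tans`, `verify`) are assumptions, and the PIN and TAN values are constructed samples.

```python
import hashlib
import hmac

class CardModel:
    """Toy model: unlock with the real PIN or with a one-time TAN."""
    MAX_TRIES = 3  # assumption: one retry counter shared by PIN and TAN attempts

    def __init__(self, pin):
        self._pin = self._digest(pin)
        self._tans = set()            # digests of TANs that are still unused
        self._tries = self.MAX_TRIES

    @staticmethod
    def _digest(secret):
        return hashlib.sha256(secret.encode()).digest()

    def _pin_ok(self, pin):
        return hmac.compare_digest(self._digest(pin), self._pin)

    def load_tans(self, pin, tans):
        # Loading requires the real PIN, so it is done on a trusted machine.
        if self._tries == 0 or not self._pin_ok(pin):
            self._tries = max(0, self._tries - 1)
            return False
        self._tries = self.MAX_TRIES
        self._tans.update(self._digest(t) for t in tans)
        return True

    def verify(self, secret):
        """Return 'pin', 'tan', 'denied' or 'blocked'."""
        if self._tries == 0:
            return "blocked"
        if self._pin_ok(secret):
            self._tries = self.MAX_TRIES
            return "pin"
        d = self._digest(secret)
        if d in self._tans:
            self._tans.discard(d)     # single use: a captured TAN cannot be replayed
            self._tries = self.MAX_TRIES
            return "tan"
        self._tries -= 1              # wrong guesses still count against the card
        return "denied"

def demo():
    card = CardModel("123456")                           # constructed sample PIN
    card.load_tans("123456", ["TAN-aaaa", "TAN-bbbb"])   # constructed sample TANs
    # The untrusted host only ever sees TAN-aaaa; replaying it is denied.
    attempts = ["TAN-aaaa", "TAN-aaaa", "TAN-bbbb", "nope", "nope", "nope", "123456"]
    return [card.verify(a) for a in attempts]
```

In this model a host that records a TAN gains nothing reusable, while repeated wrong guesses still block the card, including for the real PIN.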