Possible to combine smartcard PIN with key password?

Peter Lebbing peter at digitalbrains.com
Mon Dec 23 20:54:04 CET 2013


On 23/12/13 19:29, adrelanos wrote:
> This would be lucky, if one could enter the PIN using an external keypad 
> (possible) AND a password using the keyboard (not possible).

The smartcard needs to know the plaintext key. It is no use to encrypt the key
with a password, because you'll simply offer the password to the smartcard so it
can decrypt it. Any exploit in the smartcard would then cache the key for the
three-letter agency. You gain nothing by the password.

The only interesting difference between the PIN and a password is that the
latter needs to be suitable to encrypt a secret with: it needs to contain
entropy, so be difficult. A PIN doesn't need this property, because the
smartcard checks each try, and will lock the card after three wrongs (OpenPGP v1
cards will self-destruct on three wrong admin PINs. I personally found this a
bit harsh). A suitable PIN doesn't need to contain all that entropy that is
needed for an on-disk encrypted private key. The latter needs to withstand an
off-line decryption attack of the disk file.

> It will be much more difficult to find out if the smartcard really wipes the
> key as soon as someone is trying to dismantle the card to directly read its 
> memory.

It is my expectation that it is very easy to find out: it won't. There's no
battery in a smartcard, and some kind of chemical release is very unlikely. So
it won't wipe its non-volatile memory when probed. Instead, they make it
difficult to probe by putting, among others, metal layers on top of the
memory, making it a very expensive job to grind down without grinding away the
memory cells as well.

> Also the hardware design?

No. It has to stop somewhere: at some point you have to trust some party. With
smartcards, I think for most people that's that the hardware design can be trusted.

Some hacker group could at some point reverse-engineer the design from the
integrated circuit and check it for validity; they did it[1] for the MOS 6502.
After that, you can trust that cryptocards from the same mask can be depended
upon. When they change the mask, you won't notice, though.

> By "part" I don't mean split one key in halves, but rather use two keys.

It's an interesting thought, I'll definitely give you that. However, if you need
that kind of protection, I don't think you should use a normal computer with a
normal operating system. It seems to me, to attack your smartcard, they would
need to either hack your PC, or have physical access. In both scenarios, the key
on your hard disk is not secure anymore either.

Can you think of a scenario where the on-disk key adds security beyond the
smartcard?

HTH,

Peter.

[1] https://events.ccc.de/congress/2010/Fahrplan/events/4159.en.html

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
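
Added example (not part of the original message): a toy model of the PIN versus
password point above, guessing the same 4-digit secret against a card that locks
after three wrong tries and against a copied on-disk file. ToyCard, the PBKDF2
verifier, ITERATIONS, SALT and the sample PIN are constructed assumptions, not
the OpenPGP card's or GnuPG's actual formats.

```python
import hashlib
import hmac
import itertools

ITERATIONS = 100             # constructed; kept low so the demo runs fast
SALT = b"constructed-salt"   # constructed sample value


class ToyCard:
    """Toy card: checks each try itself and locks after three wrong ones."""

    def __init__(self, pin, max_tries=3):
        self._pin = pin.encode()
        self.tries_left = max_tries

    def verify(self, guess):
        if self.tries_left == 0:
            raise PermissionError("card locked")
        if hmac.compare_digest(self._pin, guess.encode()):
            return True
        self.tries_left -= 1
        return False


def derive(secret):
    """Stand-in for the value that lets a guess be checked against a disk file."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, ITERATIONS)


def guess_against_card(card, candidates):
    """On-line guessing: every try goes through the card's retry counter."""
    attempts = 0
    for guess in candidates:
        if card.tries_left == 0:
            break
        attempts += 1
        if card.verify(guess):
            return guess, attempts
    return None, attempts


def guess_against_file(verifier, candidates):
    """Off-line guessing: nothing limits tries against a copied disk file."""
    attempts = 0
    for attempts, guess in enumerate(candidates, 1):
        if hmac.compare_digest(derive(guess), verifier):
            return guess, attempts
    return None, attempts


def four_digit_pins():
    return ("".join(d) for d in itertools.product("0123456789", repeat=4))
```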


