Subject: openpgp card and basiccard RNG

Kostantinos Koukopoulos koukopoulos+gnupg-users at gmail.com
Fri Feb 7 07:42:52 CET 2014


On Wed, Feb 5, 2014 at 10:01 AM, Michael Anders <micha137 at gmx.de> wrote:

>
>
> In my opinion a (good) PRNG seeded properly under user control is no
> problem.
> If -as the FAQ seems to tell- it is primed during production, beyond
> user control, this implies that normal users have to fully trust the
> manufacturer.
> A malicious manufacturer would be able to completely break privacy based
> on the "Enhanced BasicCard" without the user being able to detect this.
> An instance is created here, deliberately and unnecessarily, which the
> user has to trust. This pattern smells like a backdoor mechanism to
> me.
> I would outrighly reject to use such a card.
>
>
Makes sense, So does anyone know the version of BasicCard used for openpgp
cards? Or who to contact with this question? I asked at the distributor (
kernelconcepts.de) and they said they couldn't answer such technical
questions and suggested I try asking on this list.


<http://vsre.info/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20140207/4f341311/attachment.html>


More information about the Gnupg-users mailing list