Subject: openpgp card and basiccard RNG
koukopoulos+gnupg-users at gmail.com
Fri Feb 7 07:42:52 CET 2014
On Wed, Feb 5, 2014 at 10:01 AM, Michael Anders <micha137 at gmx.de> wrote:
> In my opinion a (good) PRNG seeded properly under user control is no
> If -as the FAQ seems to tell- it is primed during production, beyond
> user control, this implies that normal users have to fully trust the
> A malicious manufacturer would be able to completely break privacy based
> on the "Enhanced BasicCard" without the user being able to detect this.
> An instance is created here, deliberately and unnecessarily, which the
> user has to trust. This pattern smells like a backdoor mechanism to
> I would outrighly reject to use such a card.
Makes sense, So does anyone know the version of BasicCard used for openpgp
cards? Or who to contact with this question? I asked at the distributor (
kernelconcepts.de) and they said they couldn't answer such technical
questions and suggested I try asking on this list.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users