USB key form-factor smart-card readers with pinpads?
Michel Messerschmidt
lists at michel-messerschmidt.de
Mon Jan 6 16:10:06 CET 2014
On Mon, Jan 06, 2014 at 10:34:06AM +0100, Werner Koch wrote:
> an attacking malware only needs to trick you info decrypt an arbitrary
> message and is then free to use the smartcard without having the reader
> ask you again for a PIN.
Although these are important attacks to consider, PIN entry on the reader
itself still provides additional protection if you want to protect your
own signatures.
> But for the other two keys we don't have such features.
There is the obvious possibility to remove and re-insert the card after
every use to reduce this attack surface somewhat.
But for such a tradeoff other things should be considerd first (is your
PIN really your biggest concern if you don't trust your computer/keyboard,
is your reader really more trustworthy than your computer, ...).
--
Michel Messerschmidt lists at michel-messerschmidt.de
More information about the Gnupg-users
mailing list