How important are Admin PIN and Passphrase in this scenario?
NIIBE Yutaka
gniibe at fsij.org
Tue Dec 1 04:13:25 CET 2015
On 11/30/2015 08:04 AM, Daniel Krebs wrote:
> There is a smartcard with subkeys for encryption, signing and
> authentication.
[...]
> In any case there seems to
> be no really benefit of using extraordinary strong admin pin because
> there are only three tries before the card get rendered unusable. The
> passphrase is only used in the secure environment.
I agree your argument in general. I think that it depends on the
smartcard implementation, its strength against physical attacks,
and how you protect/detect your smartcard against possible steal.
If the implementation stores your private key as raw data with no
encryption (and use pin/passphrase only for authentication), complex
pin/passphrase doesn't matter, perhaps.
When the implementation stores your private key encrypted by
pin/passphrase and the hardware is relatively weak by physical
attacks, pin/passphrase with enough entropy still makes sense
(somehow).
Suppose I have a practice to use my token everyday and I always make
sure having it, so that I can know its non-existence. Then, when I
lost my token, if I could believe that it would take a week (to break
the token phisically + to break encryption by brute force) by
complex passphrase, it makes sense for me.
--
More information about the Gnupg-users
mailing list