How important are Admin PIN and Passphrase in this scenario?

NIIBE Yutaka gniibe at fsij.org
Tue Dec 1 04:13:25 CET 2015


On 11/30/2015 08:04 AM, Daniel Krebs wrote:
> There is a smartcard with subkeys for encryption, signing and
> authentication.
[...]
> In any case there seems to
> be no really benefit of using extraordinary strong admin pin because
> there are only three tries before the card get rendered unusable. The
> passphrase is only used in the secure environment.

I agree your argument in general.  I think that it depends on the
smartcard implementation, its strength against physical attacks,
and how you protect/detect your smartcard against possible steal.

If the implementation stores your private key as raw data with no
encryption (and use pin/passphrase only for authentication), complex
pin/passphrase doesn't matter, perhaps.

When the implementation stores your private key encrypted by
pin/passphrase and the hardware is relatively weak by physical
attacks, pin/passphrase with enough entropy still makes sense
(somehow).

Suppose I have a practice to use my token everyday and I always make
sure having it, so that I can know its non-existence.  Then, when I
lost my token, if I could believe that it would take a week (to break
the token phisically + to break encryption by brute force) by
complex passphrase, it makes sense for me.
-- 



More information about the Gnupg-users mailing list