USB key form-factor smart-card readers with pinpads?

Sam Kuper sam.kuper at uclmail.net
Thu Mar 19 12:35:36 CET 2015


On 13/01/2014, Peter Lebbing <peter at digitalbrains.com> wrote:
> On 12/01/14 00:18, Sam Kuper wrote:
>> Again, perhaps I am wrong. But if I am not, then the use of OpenPGP
>> cards with non-pinpad readers still makes no sense (at least, not to
>> me).
>
> Since most readers don't filter VERIFY commands

Yes, I'm getting to realise this. Ideally, it ought to be
possible to easily tell before buying a reader whether it does this or
not.

Apologies for my delay in replying, btw.

> and additionally you can't force
> the OpenPGP smartcard to require a VERIFY before each decryption anyway, the
> pinpad really doesn't add much at all for decryption.
>
> With regard to the PIN not being known to the attacker when using a pinpad:
> Werner disagrees that a pinpad can reliably accomplish that. I did a feature
> request about a year ago, you should read this thread: [1]. And especially
> Werner's answer in [2]. So according to him, it doesn't add much for signatures
> either.

Thank you for the links.

> A bugged reader firmware (certainly a possibility) would even still work in the
> face of a reader filtering VERIFY commands. I think most readers have
> upgradeable firmware. If an attacker has your PC and knows a vulnerability in
> the firmware upgrade method, they can just flash their own firmware in your
> smartcard reader. This is a really difficult to solve scenario. I do think it
> requires a rather capable attacker.

Again, I know of no easy way to discover the "flashability" of a
reader in advance of a purchase. No-one has collated this information
for popular readers, as far as I'm aware.

Readers really ought to require physical access (e.g. by means of a
jumper pin that would switch between normal functionality with
flashing disabled) in order to be re-flashed.

Best regards,

Sam


