Crowdfunding USB Security Key for Email- and Data-Encryption - Nitrokey Storage
ndk.clanbo at gmail.com
Mon Nov 23 09:42:27 CET 2015
Il 23/11/2015 08:56, Jan Suhr ha scritto:
>> I didn't look at the code (so this could be completely wrong and I'd be
>> happy!), but if the OTP key is decrypted using a key in the chip after
>> verifying that the card accepts the PIN, then it's even worse, since
>> that master key is in cleartext somewhere outside the smartcard. So,
>> with some efforts and a good lab the OTP keys can be extracted.
> The key is stored in the card.
Then, replacing the card replaces the OTP key. No?
More information about the Gnupg-users