Crowdfunding USB Security Key for Email- and Data-Encryption - Nitrokey Storage
Jan Suhr
jan at nitrokey.com
Mon Nov 23 23:10:21 CET 2015
Hi Diego,
Am 23.11.2015 um 09:42 schrieb NdK:
> Il 23/11/2015 08:56, Jan Suhr ha scritto:
>
>>> I didn't look at the code (so this could be completely wrong and I'd be
>>> happy!), but if the OTP key is decrypted using a key in the chip after
>>> verifying that the card accepts the PIN, then it's even worse, since
>>> that master key is in cleartext somewhere outside the smartcard. So,
>>> with some efforts and a good lab the OTP keys can be extracted.
>> The key is stored in the card.
> Then, replacing the card replaces the OTP key. No?
If the optional PIN protection for OTPs is enabled, replacing the smart
card would render the OTPs inaccessible.
Regards,
Jan
> BYtE,
> Diego
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>
--
Jan Suhr
Nitrokey UG (haftungsbeschränkt)
Web: https://www.nitrokey.com
Email: jan at nitrokey.com
Phone: +49 163 7010 408
Berliner Str. 166, 10715 Berlin, Germany
CEO / Geschäftsführer: Jan Suhr
Register Record: AG Charlottenburg, HRB 164549 B
VAT ID / USt-IdNr.: DE300136599
More information about the Gnupg-users
mailing list