Non-Beeping keypad
Peter Lebbing
peter at digitalbrains.com
Sat Mar 5 12:00:04 CET 2016
On 05/03/16 10:12, William Hay wrote:
> This can be annoying to those around me
I have the same reader, I can understand that that can be pretty annoying.
> and also leaks information about the length of my PIN.
This is really not an issue. The length adds so utterly little
entropy... besides, the entropy content of a PIN is already not really a
feature. The true security feature is that the card locks after three
wrong tries. The entropy content of a PIN would be hopelessly
insufficient to protect against brute force if it weren't for the "three
strikes you're out" rule.
> However keypads aren't generally advertised with noise level indicators so I was hoping
> someone on this list might have a recommendation.
I can't directly help you with that, but I can tell you that you can use
your current reader without using the keypad, simply by entering the PIN
on your PC, by adding this to scdaemon.conf (for instance at
~/.gnupg/scdaemon.conf, depending on OS):
disable-pinpad
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list