Jan Niehusmann wrote:

I wondered if the card couldn't just erase itself completely when the
wrong Admin-PIN is entered three times. This would at least save the
card itself, which is worth some euros. But OTOH, just locking the card
is probably easier to implement in a safe way (it's an atomic operation
which can't be aborted by just turning off power, for example).

That's a good idea.  I think you could implement it safely, by making
the card treat the "locked" status (zeroed pin retry counter?) as a flag
that it should erase itself.  Then, when it had erased itself and
verified the erasure it could reset the pin retry counter (and possibly
reset the admin PIN to default).

That way, even if you abort it by turning off power, as soon as you
apply power again the card either resumes or restarts the erasure
process (depending on which is the best combination of speed and security).

It seems to me that this is just as good as becoming permanently locked
from a security standpoint, and better from a convenience standpoint
(if you forget/lose/corrupt the admin PIN, all you have to do is enter
it wrong three times.)  And in the case of a malicious host, you're
better off in that you don't have to shell out for another card.

--
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
gpg/gpg key id: 51192FF2 @ subkeys.pgp.net

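The erase-on-lock scheme sketched in the reply, as an added example in C that is not from the original thread or from any real card firmware; the non-volatile state layout, key bytes, PINs and function names are constructed for illustration:

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PIN_RETRIES 3
#define DEFAULT_PIN "12345678"            /* constructed factory default */
#define KEY_BYTES   32
/* Constructed NV state: a retry counter of 0 is both "locked" and "erase pending". */
typedef struct {
    uint8_t retry_counter;
    char    admin_pin[9];
    uint8_t key[KEY_BYTES];
} card_nv_t;
void card_personalize(card_nv_t *c, const char *pin) {
    c->retry_counter = PIN_RETRIES;
    strncpy(c->admin_pin, pin, 8); c->admin_pin[8] = '\0';
    memset(c->key, 0xA5, KEY_BYTES);      /* stand-in for real key material */
}

/* Run at every power-on. Idempotent, so a run cut short by power loss is
   simply repeated. Counter and PIN are reset only after verified erasure. */
bool card_power_on(card_nv_t *c) {
    if (c->retry_counter != 0) return false;            /* nothing pending */
    memset(c->key, 0, KEY_BYTES);
    for (size_t i = 0; i < KEY_BYTES; i++) if (c->key[i]) return false;
    strcpy(c->admin_pin, DEFAULT_PIN);
    c->retry_counter = PIN_RETRIES;
    return true;
}

/* Counter is written before the compare, so an interrupted compare still counts. */
bool card_verify_admin_pin(card_nv_t *c, const char *pin) {
    if (c->retry_counter == 0) return false;
    c->retry_counter--;
    if (strcmp(c->admin_pin, pin) == 0) { c->retry_counter = PIN_RETRIES; return true; }
    if (c->retry_counter == 0) card_power_on(c);        /* third miss: erase now */
    return false;
}
/* Scenario 1: three wrong PINs, then the default PIN works on the erased card. */
bool demo_three_wrong_pins(void) {
    card_nv_t c; card_personalize(&c, "secret12");
    for (int i = 0; i < 3; i++) card_verify_admin_pin(&c, "wrong");
    return c.key[0] == 0 && card_verify_admin_pin(&c, DEFAULT_PIN);
}
/* Scenario 2: power lost part-way through erasure, then re-applied. */
bool demo_resume_after_power_loss(void) {
    card_nv_t c; card_personalize(&c, "secret12");
    c.retry_counter = 0; c.key[5] = 0;                  /* interrupted erase */
    return card_power_on(&c) && c.key[0] == 0 && strcmp(c.admin_pin, DEFAULT_PIN) == 0;
}
```

Both scenarios return true; the second shows that the zeroed counter alone is enough for the next power-on to finish the job.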

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users