Hi, if someone gets physical access to an openpgp smartcard, where is the weakest spot in the whole scenario then? Can the contents of the card be copied, e.g. to circumvent the limited possibilities entering the correct PIN / admin-PIN? Can the secret key be extracted to brute-force the PIN / passphrase? Reverse engineering?! What else??
Me thinking: using this smartcard and a 10-digits PIN should be more than sufficient, because the attacker has only three chances to get the PIN right, and in case of a 10 digits PIN will he/she be quite unlikely to succeed. (The passphrase itself may be a 50 chars random concatenating of numbers, letters and special chars). What am I missing? _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users