NdK wrote: > >> IIUC that bit is not authenticated, so a MITM attack can force both the > >> reader and the card think the other party doesn't support PIN auth, > >> making the card sign the transaction anyway, regardless the amount > >> involved. So IMVHO it's quite serious... > > http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf > Tks. That's the (or one of) article I remembered but couldn't find...
http://google.com/search?q=chip+and+pin+broken _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel