On Thu, 7 Jun 2001, Carlos Prados wrote:
> Hi,
>
> --- David Corcoran <[EMAIL PROTECTED]> wrote:
> > Definitely. The interface exported must be a subset
> > of the
> > available functionality or else someone could write
> > a worm which does a
> > Verify Key function incorrectly and blocks cards
> > where services are
> > available.
>
> Even worst. If you leave your card with your private
> PGP key in the reader and the smartcard is accesible
> to anybody over the net, somebody could connect to it,
> and write signed messages with your private key, read
> your private e-mail...
You can design your application so that whenever a signature (or
decryption) operation is to be performed, a PIN code should be presented,
the operation performed, and the authentication state reset. That's how
it's done with the French banking applications. The card in itself doesn't
reset the authentication state after the operation, but the payment
terminals must do it.
> He only needs your PIN, that he can get by snooping
> the network, or donig trial and error.
Trial and error is not a valid attack, as the card usually disables the
code as soon as 3 bad code guesses have been presented. Since you can
enhance the PIN length, guessing the PIN in 3 tries is difficult.
--
Erwann ABALEA
[EMAIL PROTECTED]
RSA PGP Key ID: 0x2D0EABD5
-----
``There are basically two types of people.
People who accomplish things, and people who claim to have accomplished
things. The first group is less crowded.''
Mark Twain
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
