Robert J. Hansen wrote:
>> How do they work?
>
> A (very) small display to show the hash that's being signed and an
> integrated PINpad.

Pointless given the attack scenario (PC subverted with a trojan to specifically attack GnuPG and its smartcard), unless you can calculate SHA-1 values in your head...

What do you make of the information that you are going to sign data that has a hash value of 0xDEADBEEF? It could be the hash of "Robert J. Hansen owes Sven Radde 10.000$"...

To avoid this, the card reader would have to display the actual data that is to be signed and the card would have to calculate the hash by itself. However, if you want to sign more than, say, a few hundred characters this becomes rather useless.

cu, Sven