Would it be reasonable to say that you may use a significantly smaller PIN for your smartcard than would be required of a passphrase, since the smartcard locks itself after 3 tries?
Since I don't use a reader with a pinpad, I must type my PIN in, and thus have about 8 alpha-numeric characters for my regular PIN. (The admin PIN is somewhat longer.) Would this be considered a reasonable length? (Someone who can read the memory on a smart card by opening it up is NOT in my threat model -- if they can do that, they have much easier ways to coerce me into giving up my PIN.) -- David Tomaschik, RHCE, LPIC-1 System Administrator/Open Source Advocate OpenPGP: 0x5DEA789B http://systemoverlord.com da...@systemoverlord.com _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
