On 13/01/2014, Peter Lebbing <pe...@digitalbrains.com> wrote:
> On 12/01/14 00:18, Sam Kuper wrote:
>> Again, perhaps I am wrong. But if I am not, then the use of OpenPGP
>> cards with non-pinpad readers still makes no sense (at least, not to
>> me).
>
> Since most readers don't filter VERIFY commands

Yes, I'm getting to realise this. Ideally, it ought to be possible to easily tell before buying a reader whether it does this or not.

Apologies for my delay in replying, btw.

> and additionally you can't force the OpenPGP smartcard to require a
> VERIFY before each decryption anyway, the pinpad really doesn't add
> much at all for decryption.
>
> With regard to the PIN not being known to the attacker when using a
> pinpad: Werner disagrees that a pinpad can reliably accomplish that.
> I did a feature request about a year ago, you should read this
> thread: [1]. And especially Werner's answer in [2]. So according to
> him, it doesn't add much for signatures either.

Thank you for the links.

> A bugged reader firmware (certainly a possibility) would even still
> work in the face of a reader filtering VERIFY commands. I think most
> readers have upgradeable firmware. If an attacker has your PC and
> knows a vulnerability in the firmware upgrade method, they can just
> flash their own firmware in your smartcard reader. This is a really
> difficult to solve scenario. I do think it requires a rather capable
> attacker.

Again, I know of no easy way to discover the "flashability" of a reader in advance of a purchase. No-one has collated this information for popular readers, as far as I'm aware. Readers really ought to require physical access (e.g. by means of a jumper pin that would switch between normal functionality with flashing disabled) in order to be re-flashed.

Best regards,

Sam