On Wed, 22 Apr 2015 18:06, andreas.schwier...@cardcontact.de said: > And contrary to the Yubico position that this is a minor issue, I would > call the circumvention of the PIN mechanism a major issue. If you loose > the device, then you loose the key.
You mean anyone can use the key, right. However, any simple malware can be used to sniff on a user entering the PIN. I doubt that most pinpad readers can protect against this: It is easy to trick most users into entering the PIN using the regular keyboard instead of the pinpad. In fact old version of GnuPG required this in certain cases. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
