On Wed, 22 Apr 2015 20:27, andreas.schwier...@cardcontact.de said: > Not sure about that. If I loose my card on the street or someone picks > it from my pocket or my PC, than that is different from a malware attack
Given the rare use of smartcards for non-banking I bet malware is more a problems. But well, I agree that this is a severe bug. They probably downplay this bug because of the costs to replace all affected Yubikeys. > Imagine a bank, SIM or electronic signature card with a malfunctioning > PIN. Would you consider that a minor bug ? I don't see that this is Reminds me of the problem with (German) banking cards which had an easily guessable PIN due to broken BCD conversion code for a decade or so. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
