On 18/10/16 10:58, NIIBE Yutaka wrote:
> Please note that OpenPGP card requires specific card readers.  Its
> users usually use RSA-2048, RSA-3072, or RSA-4096.  For those key
> sizes, the communication is somewhat difficult for old standard of ISO
> 7816.  (For RSA-1024, most smart card readers work well.)
>
> I recommend TPDU readers, because readers which support extended APDU
> level communication tend to have issues for larger size communication.
>

Of those readers with PIN-pads on the wiki shortlist[1], which of them
are TPDU readers, or all of them?

> On 10/18/2016 04:51 PM, Daniel Pocock wrote:
>> I was looking at this page:
>>
>> https://wiki.gnupg.org/CardReader/PinpadInput
>>
>> Are any of these more outstanding than the others, or it doesn't matter
>> which one somebody chooses?
>>
>> Could anybody comment on which of those are easily available in small
>> quantities for developers, or suppliers who are cost effective for small
>> quantities?
>
> I implemented the pinpad input support in scdaemon.  While I know some
> claims that it is good feature, I, for myself, don't think it's worth
> to have.
>
> I don't think the attack to USB communication could be mitigated by
> pinpad card reader.  If such an attack is possible, a user already
> would be defeated.
>

I thought that if the PIN is entered in the PIN-pad, it is never sent
over the USB connection?

> It is common for such card readers to have only numeric pads.  That
> limits the entropy of passphrase, considerably.  And, as far as I
> know, I don't know any implementation of card readers in the market,
> which firmware is Free Software.  With user interface like pinpad
> input, it is more difficult for me to trust an implementation of such
> a card reader.

Isn't it more a case of choosing the lesser evil:

- a PIN-pad reader with some proprietary firmware
- the possibility that the user's OS has been compromised or that
  somebody fit a keystroke logger to their keyboard

There is no such thing as perfect security and I wasn't claiming that a
PIN-pad implies perfection.

Regards,

Daniel

1. https://wiki.gnupg.org/CardReader/PinpadInput