On Wed, Jul 12, 2017 at 1:51 PM, Binarus <li...@binarus.de> wrote: > On 11.07.2017 20:38, MFPA wrote: > > > > > > On Tuesday 11 July 2017 at 8:44:48 AM, in > > <mid:3499376d-11fb-9854-688a-48e054166...@binarus.de>, Binarus wrote:- > > > > > >> I am not sure if this is an intentional limitation of > >> the cards (to > >> prevent users from choosing idiotic pins like 1234 or > >> their birthday). > > > > > > Surely things like 1234 can be prevented by software. > > > > But birthdays and the like probably not. > > Furthermore (not being sure, so read with care), I think that the bank > does not know your pin, but it is stored in the banks' backends as some > sort of hash, and this means that such software would have to run on the > card. > > Such software can run on ATMs if that are the only places where one can change the PIN. And I don't think the bank needs the hash of the PIN. They may need the hash of the key(s) protected by the PIN, however.
Guan
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
