OpenPGP card specification 2.0 improvement?
Sébastien Lorquet
squalyl at gmail.com
Fri May 13 09:52:30 CEST 2011
Hi,
This is true. Additionnaly, the C4 tag only gives the *maximum* length for
each pin, not the exact length.
the data in CHANGE REF DATA should be LV coded, with one byte giving the pin
length :
00 24 00 8X XX <actual pin length> <actual pin> <new pin length> <new pin>
as an alternative, we could have a GET DATA tag with the actual pin lengths.
Sebastien
On Fri, May 13, 2011 at 8:47 AM, NIIBE Yutaka <gniibe at fsij.org> wrote:
> Hi,
>
> While using Gnuk USB Token, I found an issue of changing password.
>
> I changed PW1, but I mistakenly put original PW1 as "12345678" while
> correct one was "123456". Since the prefix is same, password change
> succeeded, adding "78" at the beginning for new PW1. I noticed this
> after I failed to be authenticated by new PW1, and saw debug log.
>
> In the specification, section 7.2.3 CHANGE REFERENCE DATA says:
>
> The length of the existing password is known in the card, so that
> neither a delimiter nor padding for filling up fixed formats is
> necessary.
>
> This is problem. I think delimiter is needed so that it can detect
> wrong input for the existing password.
> --
>
>
>
> _______________________________________________
> Gnupg-devel mailing list
> Gnupg-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110513/6c55cfd4/attachment-0001.htm>
More information about the Gnupg-devel
mailing list