making (future) OpenPGP cards without PIN pad safer
Michel Messerschmidt
lists at michel-messerschmidt.de
Wed Nov 21 20:42:38 CET 2012
On Wed, Nov 21, 2012 at 06:46:36PM +0100, Hauke Laging wrote:
> The card already has additional storage for private use (if I have understood
> the documentation correctly). The idea: Wouldn't it be rather easily possible
> to allow the use of the card by
>
> a) either the real password (like today)
>
> b) or one of several one-time passwords (TANs) which you can load into the
> card by supplying the real password (or the admin password)?
>
> This reduces the risk of using the card with systems of unknown security a lot
> (without increasing the cost of the card).
If you want to reduce the dependency on unknown systems, I would
rather have a look at cards with an integrated keypad.
A future OpenPGP card might take advantage of this feature.
It will not remove the trust dependency on a potentially insecure
system, but will reduce the exposure of your credentials (private key
and PIN/passphrase).