Encryption of data in smart cards
Trei, Peter
ptrei at rsasecurity.com
Thu Mar 13 13:23:34 EST 2003
> John Kelsey[SMTP:kelsey.j at ix.netcom.com]
>
>
> At 11:08 PM 3/12/03 +0100, Krister Walfridsson wrote:
>
> ...
> >This is not completely true -- I have seen some high-end cards that use
> >the PIN code entered by the user as the encryption key. And it is quite
> >easy to do similar things on Java cards...
>
> With any kind of reasonable PIN length, though, this isn't all that
> helpful, because of the small set of possible PINs. And smartcards don't
> generally have a lot of processing power, so making the PIN->key mapping
> expensive doesn't help much, either.
>
> > /Krister
>
> --John Kelsey, kelsey.j at ix.netcom.com
>
Every PINned SC I've seen has a very limited (typically 3) number
of failed attempts before it locks itself up. Once it's locked up, it
can only be reactivated by an administrator PIN, which is held
at much higher security by the issuer, and not available to the
card user.
Peter
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list