Encryption of data in smart cards

[Anton Stiglic]

> > With any kind of reasonable PIN length, though, this isn't all that
> > helpful, because of the small set of possible PINs.  And smartcards
don't
> > generally have a lot of processing power, so making the PIN->key mapping
> > expensive doesn't help much, either.
> >
> > >    /Krister
> >
> > --John Kelsey, kelsey.j at ix.netcom.com
> >
> Every PINned SC I've seen has a very limited (typically 3) number
> of failed attempts before it locks itself up. Once it's locked up, it
> can only be reactivated by an administrator PIN, which is held
> at much higher security by the issuer, and not available to the
> card user.
>
> Peter

Yes, but wasn`t the discussion about countermeasure to just reading
the contents of the smart card.  If you can read the encrypted data,
and it`s encrypted under a key derived from a PIN, you have all
the time and chances you want to try all PINs.  That`s the reason
why it doesn`t work.

--Anton


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com