Encryption of data in smart cards
bear
bear at sonic.net
Fri Mar 14 16:23:31 EST 2003
On Wed, 12 Mar 2003, Krister Walfridsson wrote:
>
>On Tue, 11 Mar 2003, Werner Koch wrote:
>
>> If you want to encrypt the
>> data on the card, you also need to store the key on it. And well, if
>> you are able to read out the data, you are also able to read out the
>> key (more or less trivial for most mass market cards).
>
>This is not completely true -- I have seen some high-end cards that use
>the PIN code entered by the user as the encryption key. And it is quite
>easy to do similar things on Java cards...
I've seen this too -- a little card that has its own 10key pad so
you can enter your key directly to the card, and a little "purge"
button next to the zero so you can tell it to forget the key you
entered after each use. Also a red LED to tell you that it was
"up" with a key entered, and that you needed to purge it before
sticking it back in your wallet. The guy would enter his PIN,
stick the card in the PCMCIA slot, and the machine would unlock.
Slick little device, actually.
Now can we get one that uses more than 5 digits for a key?
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list