Is there any future for smartcards?

Eugen Leitl eugen at leitl.org
Sun Sep 11 13:32:45 EDT 2005


On Sun, Sep 11, 2005 at 10:53:34PM +1200, Peter Gutmann wrote:

> The problem with this is that in 99.99% of cases the insecure networked
> machine *is* the reader, rendering the smart card pretty much pointless.  I've

Pat Farrel spoke about the infrastructure required for smartcards to have
at all a point. Inexpensive USB readers with integrated keypad (and LCD display)
exist, and are a basic component of such smartcard infrastructure. Unless it's
pure snakeoil, by design. 

> only ever seen a handful of card readers that have keypads and displays, and
> none that have succeeded commercially.  Everyone just gets the cheap reader-
> only devices.

USB smarcard readers with displays are not expensive, especially
if purchased in quantities. A financial institution would probably
recover the costs quite rapidly, if it gave away smartcards and 
such readers for free to its customers, given the amount of fraud.

It is symptomatic that this is not happening, and that e.g.
HBCI support hereabouts is very thin. HBCI+smartcard, especially on
a non-Redmond system, is nearly impossible to set up. Zero support.
(Support in fact discourages use of smartcard). Default for
local online banking is PIN/TAN (TANs distributed on dead tree).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20050911/2c595c51/attachment.pgp>


More information about the cryptography mailing list