Every PINned SC I've seen has a very limited (typically 3) number of failed attempts before it locks itself up. Once it's locked up, it can only be reactivated by an administrator PIN, which is held at much higher security by the issuer, and not available to the card user.
Right. Which is good for the PIN-guessing-to-get-access attack, but not much help for the decrypting the extracted data using the PIN-generated key attack.
Peter
--John Kelsey, [EMAIL PROTECTED]
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]