Thierry Moreau writes: > If there were devices meeting the stated goal (commercially available > with a reasonable cost structure), they would be a very useful > security solution element for high security contexts. The user > guidance would be: never enter the PIN anywhere else than on one of > these devices. Gone the phishing threat!
Not so fast -- that prevent the phisher from getting the PIN, but what the phisher usually wants is to perform some private key operation using your smartcard without you noticing. All smartcard readers with PIN entry pads that I have used has had the property that once you have entered the PIN, the host (which normally is untrusted and can have a trojan running) will be able to perform unlimited number of private key operations using your smartcard. So the trojan have to wait for someone to enter their PIN to do a normal transaction, and then the trojan can ask the smartcard to do whatever it wants. Bingo. I'm surprised there aren't smartcard readers with a button to authorize every private key operation. At least I haven't seen any. It is still not perfect (the trojan can race the legitimate application and perform its operation first) but it is an improvement. /Simon _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
