-----BEGIN PGP SIGNED MESSAGE----- In my entry on a related thread, I was thinking that one of the simpler ways to foil attacks on bank cards would be to make a smart card play dumb and accept any old pin (symmetric encryption key for a private key). That would (almost) force attackers to communicate with a bank on every trial, except there *might* be a way for attackers to get the public key for a pair off a card. Since attackers can't read the private key (at least not without frying or bridging key bits), they can't tell that it iz no longer based upon probable primes. The bank would come up with "no such ID", or "BAD signature", and they might be watching for a lot of noise like that. Now, I am thinking that for a card to reveal its public key more than once might actually be a weakness, however interoperable.
A bank card does only hav to communicate with one other entity, so I am not sure that this can't be done with symmetric keys throughout. The other way iz to introduce increasing delays for bad PINs. I like my first impulse better, though, forcing attackers to actually use a badly decrypted private key to communicate with a bank. _______ That boy so horny, even the Crack of Dawn ain't safe! -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: http://ecn.ab.ca/~brewhaha/gpg/Keyprint_Biometric.mp3.pgp Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTjFBYx47apzXdID2AQFP8wP/eT5sYDOjdgVRbuHOdbc8JkJ/1wG/d6nQ oW1SvdtXQjTnVDNEpcLop11ibTVqiCkddQTWXazso9B1CPwPAGIA+z6ipfFCYCBm DGp09oEZw9BO52Qhb09GwL+ykXxlgHUcx70rTNDlXM/GlusodQEPbkyFCQ+Dow3p +YffVJbfyyU= =Rs2c -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
