On 23/11/15 08:54, Jan Suhr wrote:

> 2nd factors are usually not access protected at all e.g. may have a
> display (which allows funny hacks[1]).

Ah, that makes sense! I forgot about that because I myself would actually like an OTP protected by PIN as a complete two-factor solution (have the device, know the PIN). But that is an uncommon scenario.

> We introduced PIN-protection of
> OTPs as an optional feature because we don't have a physical button.

Can I suggest you document this well so people know the limitations of the functionality? As a part of that, I'm sure you are aware a physical button is out-of-band (a remote attacker can't press it), but a remote attacker can send a PIN to the smartcard.

>> Hardware:
>> NK-02-006 Micro SD and Smartcard Slots lack ejection switch (High)
>
> An ejection switch doesn't make any sense to me. Note that ejection
> switch could only be triggered if a card is ejected while the device is
> powered.
> Furthermore any pupil would be able to use a soldering iron to
> circumvent an ejection switch.

I read this part of the pentest document as a bundle complete with a supercap to keep the power applied when unplugged and the part where there is tamper detection. All three together make sense, the tamper detection beating the pupil[1]. But the odd thing there is that the ejection switch is rated high importance, but the others medium.

Thanks for your explanation!

Peter.

[1] With his own soldering iron, if need be ;P.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
