Hi Diego,

On 23.11.2015 at 09:42, NdK wrote:
> On 23/11/2015 08:56, Jan Suhr wrote:
>
>>> I didn't look at the code (so this could be completely wrong and I'd be
>>> happy!), but if the OTP key is decrypted using a key in the chip after
>>> verifying that the card accepts the PIN, then it's even worse, since
>>> that master key is in cleartext somewhere outside the smartcard. So,
>>> with some efforts and a good lab the OTP keys can be extracted.
>> The key is stored in the card.
> Then, replacing the card replaces the OTP key. No?

If the optional PIN protection for OTPs is enabled, replacing the smart
card would render the OTPs inaccessible.

Regards,
Jan

> BYtE,
> Diego
>
> _______________________________________________
> Gnupg-users mailing list
> [email protected]
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

-- 
Jan Suhr
Nitrokey UG (haftungsbeschränkt)

Web: https://www.nitrokey.com
Email: [email protected]
Phone: +49 163 7010 408

Berliner Str. 166, 10715 Berlin, Germany
CEO / Geschäftsführer: Jan Suhr
Register Record: AG Charlottenburg, HRB 164549 B
VAT ID / USt-IdNr.: DE300136599
