On 11/30/2015 08:04 AM, Daniel Krebs wrote:
> There is a smartcard with subkeys for encryption, signing and
> authentication. [...] In any case there seems to
> be no real benefit of using an extraordinarily strong admin pin because
> there are only three tries before the card gets rendered unusable. The
> passphrase is only used in the secure environment.
I agree with your argument in general. I think that it depends on the smartcard implementation, its strength against physical attacks, and how you protect/detect your smartcard against possible theft.

If the implementation stores your private key as raw data with no encryption (and uses the pin/passphrase only for authentication), a complex pin/passphrase doesn't matter, perhaps. When the implementation stores your private key encrypted by the pin/passphrase and the hardware is relatively weak against physical attacks, a pin/passphrase with enough entropy still makes sense (somehow).

Suppose I have a practice of using my token every day and I always make sure I have it, so that I can notice its absence. Then, when I lose my token, if I could believe that it would take a week (to break the token physically + to break the encryption by brute force) because of a complex passphrase, it makes sense for me.

-- 
Gnupg-users mailing list
http://lists.gnupg.org/mailman/listinfo/gnupg-users
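As an added illustration (not from the thread or from GnuPG), a small Python model of the two threat models the reply distinguishes: three online tries against the card's retry counter versus an offline search after the encrypted key blob has been extracted. The guess rate and the one-week loss window are labelled assumptions, not figures from the thread.

```python
import math

# Constructed assumptions for the model; the thread gives no such numbers.
ONLINE_TRIES_BEFORE_LOCK = 3        # card blocks after three wrong PIN entries
OFFLINE_GUESSES_PER_SEC = 1e9       # assumed attacker rate once the blob is extracted
LOSS_WINDOW_DAYS = 7                # "a week" to notice the token is gone and revoke


def pin_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random PIN/passphrase."""
    return length * math.log2(alphabet_size)


def online_success_probability(alphabet_size: int, length: int,
                               tries: int = ONLINE_TRIES_BEFORE_LOCK) -> float:
    """Chance of guessing the PIN before the retry counter locks the card.

    This is the model where the PIN only authenticates to the card and the
    key itself never leaves it: extra PIN length buys almost nothing beyond
    a handful of digits, because the attacker only ever gets `tries` guesses.
    """
    return min(1.0, tries / (alphabet_size ** length))


def offline_expected_days(alphabet_size: int, length: int,
                          rate: float = OFFLINE_GUESSES_PER_SEC) -> float:
    """Expected days to brute-force the PIN when the key blob is extracted
    from weak hardware and is encrypted under the PIN.  Here the retry
    counter no longer applies, so only the search space protects the key.
    """
    expected_guesses = (alphabet_size ** length) / 2   # average over the space
    return expected_guesses / rate / 86400


def survives_loss_window(alphabet_size: int, length: int,
                         days: float = LOSS_WINDOW_DAYS) -> bool:
    """True if an offline search is expected to outlast the window in which
    the owner would notice the loss and revoke the key."""
    return offline_expected_days(alphabet_size, length) > days


if __name__ == "__main__":
    for label, alpha, n in (("6-digit PIN", 10, 6),
                            ("12-char alphanumeric", 62, 12),
                            ("20-char printable ASCII", 95, 20)):
        print(f"{label}: {pin_entropy_bits(alpha, n):.1f} bits, "
              f"online p={online_success_probability(alpha, n):.1e}, "
              f"offline ~{offline_expected_days(alpha, n):.3g} days, "
              f"outlasts week={survives_loss_window(alpha, n)}")
```

Run as a script it prints the three rows; the point is that the online column barely moves with length while the offline column decides whether the "one week" reasoning holds.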
