On Wednesday, November 19th, 2025 at 3:07 PM, Borden via Gnupg-users <[email protected]> wrote:
> Pardon my ignorance, but I thought GPG card hardware sets the PIN counter to
> lock or destroy the private key after failed attempts precisely to stop
> someone from trying to brute force the PIN?

Yes, that's correct. If the retry counter is maxed out, it will be locked and you'll have to use the unblocking pin (PWD.2 I think) to reset the counter and make it usable again. If you don't know the unblocking pin, the only choice is to reset the card and put new keys on it. You *may* be able to do something with the admin PIN as well, but I don't remember off the top of my head.

> Am I to understand that we cannot rely on a PIN counter?

What we're discussing here is how to increase the number of PIN retries that are allowed before that locking happens. The counter still protects from brute forcing. The default is 3 attempts, but I think 5 is still reasonable and a bit "safer" in terms of not accidentally locking yourself out.

--
Best,
Chandler Davis
_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
