Hi,
Ludovic Rousseau <[email protected]> wrote:
2009/7/17 Joao Pedro <[email protected]>:
Hi all,
Hello,
Recently, I've been wondering about ways to mitigate the problem of the
PINs, in the Muscle applet, being transmitted in clear text from the
terminal to the card. The reason is we are seeing more and more wireless
smart card readers and sniffing is a threat that can not be dismissed.
What wireless smart card readers do you have in mind? I don't know any
wireless readers.
Sorry, I meant contacless readers.
What do you think of it? Is it stupid/flawed/insecure/reinventing the wheel
and serves no purpose at all. Or could it be used in real life?
How it is supposed to work with a pinpad reader?
It doesn't. Shortly after I sent the first email I sent another
message describing this problem and also that a simple PIN is too
small to be used with keyed hashing.
I was hoping to hear better (and more general) solution than the one
proposed :) The idea was to know if there is any mechanism that
doesn't depend on pre-shared keys such as Secure Messaging.
Thank you.
Regards,
Joao
Bye
--
Dr. Ludovic Rousseau
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
