Hey Peter,

>> Is there also a limit to the number of unlock attempts? What happens when
>> the limit is reached?

Yes there is, if you enter the wrong puk 8 times your card will be locked and not usable anymore.

>> Any memory used to store a PIN should IMO be mlock()ed before the first use.

Ok cool, as a security measure that is?

>> Any memory used to store a PIN should IMO be erased as soon as is no longer
>> needed.

You mean, write over the data with rubbish and then free it? (I thought it was enough with just freeing it, but I see you got a point)

>> I would reuse e.g. the OpenSSH read_passphrase() code instead:

Didn't even think about that. Thanks for the tips Peter.

Patrik Martinsson, Sweden.

On 09/08/2010 10:06 AM, Peter Stuge wrote:
> Patrik Martinsson wrote:
>
>> I just wanted to share a small program I wrote for unlocking pin's
>> with your puk.
>>
> ..
>
>> Any comments, suggestions, improvements, thoughts around this
>> method, are welcome. (Go easy on the coding-part since I'm not a
>> programmer)
>>
> The approach seems fine to me. Some things to consider for the
> implementation:
>
> * Is there also a limit to the number of unlock attempts? What
>   happens when the limit is reached?
>
> * Any memory used to store a PIN should IMO be mlock()ed before the
>   first use.
>
> * Any memory used to store a PIN should IMO be erased as soon as it
>   is no longer needed.
>
>
>> /* Handle user input */
>> int handle_input(int puk, char *input, CK_SESSION_HANDLE session){
>>     int i = 0;
>>     int c = 0;
>>
>>     /* Disable echo */
>>     struct termios oflags, nflags;
>>     tcgetattr(fileno(stdin), &oflags);
>>     nflags = oflags;
>>     nflags.c_lflag &= ~ECHO;
>>     nflags.c_lflag |= ECHONL;
>>
>>     if (tcsetattr(fileno(stdin), TCSANOW, &nflags) != 0) {
>>         printdebug("Terminal", "Echo disabling failed");
>>         finish(1, session);
>>     }
>>
>>     /* Scan input */
>>     if (scanf("%10s", input) != 1){
>>
> * I would reuse e.g. the OpenSSH read_passphrase() code instead:
>   http://anoncvs.mindrot.org/index.cgi/openssh/readpass.c?view=markup#l107
>
>   As a bonus it may even allow staying in X if you set up a special
>   session for the unlock user.
>
>
> //Peter
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
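
The two memory-handling suggestions from this thread (mlock() the PIN buffer before first use, erase it before freeing), as an added example that is not part of the original messages or of Patrik's program. The function names and the 16-byte buffer size are assumptions made for illustration.

```c
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define PIN_BUF_LEN 16 /* assumed size; the quoted scanf reads at most 10 chars */

/* Overwrite via a volatile pointer so the compiler cannot discard the
 * stores as dead just because the buffer is freed right afterwards. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = p;
    while (n--) *vp++ = 0;
}

/* Allocate a zeroed PIN buffer and mlock() it before first use so it is not
 * paged out to swap. *locked reports whether the lock succeeded. */
char *pin_buf_new(size_t len, int *locked) {
    char *buf = calloc(1, len);
    if (buf == NULL) return NULL;
    *locked = (mlock(buf, len) == 0); /* can fail under RLIMIT_MEMLOCK */
    return buf;
}

/* Read one line straight into the locked buffer with read(2), byte by byte,
 * so no stdio buffer holds a second copy. Returns the PIN length, or -1 on
 * error, EOF before newline, or overlong input (partial input is wiped). */
int pin_read(int fd, char *buf, size_t len) {
    size_t n = 0;
    while (n < len && read(fd, &buf[n], 1) == 1) {
        if (buf[n] == '\n') { buf[n] = '\0'; return (int)n; }
        n++;
    }
    secure_wipe(buf, len);
    return -1;
}

/* Erase first, then unlock and free: free() alone leaves the PIN in the heap. */
void pin_buf_free(char *buf, size_t len, int locked) {
    if (buf == NULL) return;
    secure_wipe(buf, len);
    if (locked) munlock(buf, len);
    free(buf);
}

int main(void) {
    int locked = 0;
    char *pin = pin_buf_new(PIN_BUF_LEN, &locked);
    if (pin == NULL) return 1;
    int n = pin_read(STDIN_FILENO, pin, PIN_BUF_LEN); /* then use the PIN */
    pin_buf_free(pin, PIN_BUF_LEN, locked);
    return n < 0;
}
```

Where the platform provides explicit_bzero(), it can replace the hand-written wipe loop.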