[cryptography] Smart card with external pinpad

Steven Bellovin smb at cs.columbia.edu
Fri Aug 19 09:37:43 EDT 2011


On Aug 18, 2011, at 9:19 40PM, Bob Lloyd wrote:

> Has anyone performed an analysis of the security of any of the available smart card reader/external pin pad solutions?  Are they effective at keeping the pin from being accessible at the host to which the reader is connected?  Does anyone have any concerns about the security of these products?  If you were to test the security of such a solution, any suggestions as to what you'd look for or would be concerned about?
>  
The question you've asked is unanswerable because you haven't
said anything about what you want to protect and against whom.
Are you talking about chip-and-pin credit cards in a store?
Turnstile access to a high-security facility?  Contact or
contactless cards?  Log in to a workstation?  To a laptop?


		--Steve Bellovin, https://www.cs.columbia.edu/~smb








More information about the cryptography mailing list