[cryptography] Smart card with external pinpad

Simon Josefsson simon at josefsson.org
Sat Aug 20 16:21:51 EDT 2011


Thierry Moreau writes:

> If there were devices meeting the stated goal (commercially available
> with a reasonable cost structure), they would be a very useful
> security solution element for high security contexts. The user
> guidance would be: never enter the PIN anywhere else than on one of
> these devices. Gone the phishing threat!

Not so fast -- that prevents the phisher from getting the PIN, but what
the phisher usually wants is to perform some private key operation using
your smartcard without you noticing.

All smartcard readers with PIN entry pads that I have used have had the
property that once you have entered the PIN, the host (which normally is
untrusted and can have a trojan running) will be able to perform an
unlimited number of private key operations using your smartcard.

So the trojan has to wait for someone to enter their PIN to do a normal
transaction, and then the trojan can ask the smartcard to do whatever it
wants.  Bingo.

I'm surprised there aren't smartcard readers with a button to authorize
every private key operation.  At least I haven't seen any.  It is still
not perfect (the trojan can race the legitimate application and perform
its operation first) but it is an improvement.

/Simon
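
A toy model of the behaviour described in the message above, added here as an example and not part of the original post or of any real reader's firmware. It compares a card that stays unlocked after one PIN entry with the per-operation button the message wishes for, including the race it mentions; `ToyCard`, `run` and `per_op_button` are hypothetical names and the requests are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass
class ToyCard:
    """Constructed model of a card behind a PIN-pad reader (no real card API)."""
    per_op_button: bool            # hypothetical reader feature: one press per operation
    pin_verified: bool = False     # set once, stays set for the whole session
    approvals: int = 0             # button presses not yet consumed
    log: list = field(default_factory=list)

    def enter_pin_on_pad(self):
        # The PIN travels pad -> card; the host never sees it.
        self.pin_verified = True

    def press_button(self):
        self.approvals += 1

    def sign(self, requester, data):
        # 'requester' exists only for this model's log: the card cannot tell
        # which host process sent the request.
        if not self.pin_verified:
            return False
        if self.per_op_button:
            if self.approvals == 0:
                return False       # no physical approval pending: refuse
            self.approvals -= 1    # one press authorizes exactly one operation
        self.log.append((requester, data))
        return True


def run(per_op_button, trojan_first=False):
    """Return who obtained signatures after the user approves one transaction."""
    card = ToyCard(per_op_button)
    card.enter_pin_on_pad()
    card.press_button()            # the user means to approve a single payment
    requests = [("app", "payment-1")] + [("trojan", f"forged-{i}") for i in range(3)]
    if trojan_first:
        requests.reverse()         # the race: the trojan's request arrives first
    for who, data in requests:
        card.sign(who, data)
    return [who for who, _ in card.log]


if __name__ == "__main__":
    print("PIN only:          ", run(per_op_button=False))
    print("button per op:     ", run(per_op_button=True))
    print("button, race lost: ", run(per_op_button=True, trojan_first=True))
```

In the third case the button caps the damage at one operation, and the legitimate application's request failing is a signal the user can notice.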


