Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Andreas Schwier (andreas.schwiercardcontact.de)
Date: Fri Jul 17 2009 - 07:43:31 CDT
there is a protocol called PACE (Password Authenticated Connection
Establishment) that has been introduced with Extended Access Control for
passports. This does exactly what you are looking for.
Joao Pedro schrieb:
> Replying to myself here to leave a note:
> This mechanism if susceptible to offline attacks, i.e. if an attacker
> can sniff the challenge and response messages, he/she can try to brute
> force the PIN.
> The level of protection offered by this mechanism is directly related
> with the strength of the PIN, e.g. a PIN like '1234' would be quickly
> cracked - so a strong password should be selected as the PIN. This, of
> course, would cause problems with numeric only pinpad readers...
> Joao Pedro <countzerosapo.pt> wrote:
>> Hi all,
>> Recently, I've been wondering about ways to mitigate the problem of
>> the PINs, in the Muscle applet, being transmitted in clear text from
>> the terminal to the card. The reason is we are seeing more and more
>> wireless smart card readers and sniffing is a threat that can not be
>> A obvious way would be implementing secure messaging and I think one
>> should look into it, but that solution requires a bigger effort...
>> So, what do you think about the idea of protecting PINs in the Muscle
>> applet using keyed hashing, something along the lines of HMAC-SHA1,
>> or any other derivative. I think that, in a way, the External
>> Authentication code in the applet is supposed to do this, but using
>> keys (DES, 3DES, RSA, etc.).
>> The idea is the following:
>> If a user wishes to verify its PIN, instead of just using sending a
>> INS_VERIFY_PIN APDU with the PIN clear text, the following would happen:
>> Pre-condition: The card has the PIN stored in clear text.
>> 1. [Terminal] Sends a INS_GET_CHALLENGE message to the card.
>> 2. [Card] Sends a NONCE to the terminal.
>> 3. [Terminal] Computes RT = HMAC-SHA1(PIN, NONCE); sends RT to the card.
>> 4. [Card] Computes RC = HMAC-SHA(PIN, NONCE); RT == RC ? OK : Fail.
>> What do you think of it? Is it stupid/flawed/insecure/reinventing the
>> wheel and serves no purpose at all. Or could it be used in real life?
>> Thank you.
>> Muscle mailing list
> Muscle mailing list
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 171 8334920
Muscle mailing list