Re: [Muscle] Protecting a PIN with keyed hashing?

From: Joao Pedro (countzerosapo.pt)
Date: Fri Jul 17 2009 - 08:52:13 CDT


Hi,

Ludovic Rousseau <ludovic.rousseaugmail.com> wrote:

> 2009/7/17 Joao Pedro <countzerosapo.pt>:
>> Hi all,
>
> Hello,
>
>> Recently, I've been wondering about ways to mitigate the problem of the
>> PINs, in the Muscle applet, being transmitted in clear text from the
>> terminal to the card. The reason is we are seeing more and more wireless
>> smart card readers and sniffing is a threat that can not be dismissed.
>
> What wireless smart card readers do you have in mind? I don't know any
> wireless readers.
>

Sorry, I meant contactless readers.

>> What do you think of it? Is it stupid/flawed/insecure/reinventing the wheel
>> and serves no purpose at all. Or could it be used in real life?
>
> How it is supposed to work with a pinpad reader?

It doesn't. Shortly after I sent the first email I sent another
message describing this problem and also that a simple PIN is too
small to be used with keyed hashing.

I was hoping to hear a better (and more general) solution than the one
proposed :) The idea was to know if there is any mechanism that
doesn't depend on pre-shared keys such as Secure Messaging.

Thank you.

Regards,
Joao

> Bye
>
> --
> Dr. Ludovic Rousseau
> _______________________________________________
> Muscle mailing list
> Musclelists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>
