List: gnupg-users
Subject: Re: “Hardware problem” with OpenPGP smart card
From: Werner Koch via Gnupg-users <gnupg-users () gnupg ! org>
Date: 2020-12-08 11:21:08
Message-ID: 87sg8g5ysb.fsf () wheatstone ! g10code ! de
On Mon, 7 Dec 2020 23:37, Nicolas Boullis said:
> Hence, I think my card is really dead.
yeah :-(
> I see that the card includes a signature counter (which reads 89), hence
> I understand the card has to write the EEPROM (to update the counter)
Yes, this is one reason to write to the EEPROM. However, this is a way too
low number for a failure. A few years ago we had a similar report and
the Zeitcontrol folks did some testing. A 100000 operations were not a
problem at all. From my understanding the EEPROM of the chip used by
Zeitcontrol allows for much more r/w cycles than what you usually get
from an average Atmel or so microcontroller. Anyway, my STM32 based
Gnuk token did about 8000 signing operations with the first key.
> between 1,000 and 10,000 authentications with that card. I think it
> might be sufficient to wear an EEPROM.
Nope.
> Also, the card reports 2 tries left for the PIN code, which means that
> my last try to unlock the pin was a failure. Did the card
> somehow fail updating the retry counter? (Either when I typed the wrong
It failed. Smartcards handle verification by first decrementing the
retry counter, running the verify, and on success incrementing the retry
counter. This is so that a power glitch can't be used to trick out the
retry counter. This method explains why you see 2.
> If there's anything I can do to investigate that failure, please tell
> me.
The card should not allow you to investigate things even after a failure.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
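The verification order described in the reply above (decrement, verify, increment on success), set beside the naive order, as an added example that is not part of the original mail and not any card's firmware. The `struct card` model, the `cut_at` power-loss knob and the PIN values are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a card's non-volatile state; not real card firmware. */
enum result { PIN_OK, PIN_WRONG, PIN_BLOCKED, INTERRUPTED };
struct card { int retries; const char *pin; };

/* cut_at (hypothetical): index of the step before which power is lost, -1 = never. */

/* Order described in the mail: decrement, verify, increment on success. */
enum result verify_decrement_first(struct card *c, const char *guess, int cut_at) {
    if (c->retries == 0) return PIN_BLOCKED;
    if (cut_at == 0) return INTERRUPTED;
    c->retries--;                                      /* step 0: written before the check */
    if (cut_at == 1) return INTERRUPTED;
    if (strcmp(guess, c->pin) != 0) return PIN_WRONG;  /* step 1: compare */
    if (cut_at == 2) return INTERRUPTED;
    c->retries++;                                      /* step 2: give the try back */
    return PIN_OK;
}

/* Naive order for contrast: verify, decrement only after a mismatch. */
enum result verify_check_first(struct card *c, const char *guess, int cut_at) {
    if (c->retries == 0) return PIN_BLOCKED;
    if (cut_at == 0) return INTERRUPTED;
    if (strcmp(guess, c->pin) == 0) return PIN_OK;     /* step 0: compare */
    if (cut_at == 1) return INTERRUPTED;
    c->retries--;                                      /* step 1: never written if cut */
    return PIN_WRONG;
}

/* Retries left after n wrong guesses, each losing power right after step 0. */
int retries_after_cut_guesses(int decrement_first, int n) {
    struct card c = { 3, "123456" };
    for (int i = 0; i < n; i++) {
        if (decrement_first) verify_decrement_first(&c, "000000", 1);
        else                 verify_check_first(&c, "000000", 1);
    }
    return c.retries;
}

/* Retries left when a correct PIN is checked but step 2 is never written. */
int retries_after_lost_restore(void) {
    struct card c = { 3, "123456" };
    verify_decrement_first(&c, "123456", 2);
    return c.retries;
}

int main(void) {
    printf("naive order, 10 cut guesses: %d left\n", retries_after_cut_guesses(0, 10));
    printf("decrement first, 10 cut guesses: %d left\n", retries_after_cut_guesses(1, 10));
    printf("correct PIN, restore write lost: %d left\n", retries_after_lost_restore());
    return 0;
}
```

With the decrement written first, an interrupted or failed write can only cost the holder a try, which matches the counter reading 2 in the report above.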