[Muscle] Protecting a PIN with keyed hashing?
Joao Pedro
countzero at sapo.pt
Fri Jul 17 06:52:13 PDT 2009
Hi,
Ludovic Rousseau <ludovic.rousseau at gmail.com> wrote:
> 2009/7/17 Joao Pedro <countzero at sapo.pt>:
>> Hi all,
>
> Hello,
>
>> Recently, I've been wondering about ways to mitigate the problem of the
>> PINs, in the Muscle applet, being transmitted in clear text from the
>> terminal to the card. The reason is we are seeing more and more wireless
>> smart card readers and sniffing is a threat that can not be dismissed.
>
> What wireless smart card readers do you have in mind? I don't know any
> wireless readers.
>
Sorry, I meant contactless readers.
>> What do you think of it? Is it stupid/flawed/insecure/reinventing the wheel
>> and serves no purpose at all. Or could it be used in real life?
>
> How it is supposed to work with a pinpad reader?
It doesn't. Shortly after I sent the first email I sent another
message describing this problem and also that a simple PIN is too
small to be used with keyed hashing.
I was hoping to hear a better (and more general) solution than the one
proposed :) The idea was to know if there is any mechanism that
doesn't depend on pre-shared keys such as Secure Messaging.
Thank you.
Regards,
Joao
> Bye
>
> --
> Dr. Ludovic Rousseau
> _______________________________________________
> Muscle mailing list
> Muscle at lists.musclecard.com
> http://lists.drizzle.com/mailman/listinfo/muscle
>