[Gllug] OT - chip & pin
Daniel P. Berrange
dan at berrange.com
Mon Apr 3 14:48:19 UTC 2006
On Mon, Apr 03, 2006 at 03:18:44PM +0100, Alain Williams wrote:
> On Mon, Apr 03, 2006 at 01:49:06PM +0000, Benedikt Heinen wrote:
> > >I will accept it if the card is plugged into the numeric keypad, I am
> > >much more reluctant to do so if my PIN has to travel down a wire into a
> > >till.
> >
> > But - if you plug the card into the keyboard, does that "prove" that the
> > PIN doesn't go down the wire? That would only make sense, if the keyboard
> > itself was tamper-proof and sealed by a reputed manufacturer. Since that
> > isn't the (*obvious*) case, I might think it just as likely, that the
> > keyboard, pin display and card adapter is nothing more than a dumb
> > terminal and will relay information back and forth to the processing unit
> > outside. (this might actually make sense from the manufacturer's point of
> > view - since everyone can take the keyboard and everything into their own
> > hands and potentially even drop it, the less processing logic there is
> > built into the keyboard, the less there is to be replaced/repaired if some
> > dolt breaks it).
> I need to read his home page:
>
> http://www.cl.cam.ac.uk/~rja14/
I can recommmend reading his book on security engineering
http://www.amazon.co.uk/exec/obidos/ASIN/0471389226/qid=1144074697/sr=8-1/ref=pd_ka_1/203-7226076-3665569
Regards,
Dan.
--
|=- GPG key: http://www.berrange.com/~dan/gpgkey.txt -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- berrange at redhat.com - Daniel Berrange - dan at berrange.com -=|
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20060403/62ca3587/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list