[Gnuk-users] Hardware PIN pad
perillamint
perillamint at gentoo.moe
Tue Dec 13 10:28:14 UTC 2016
On 13/12/16 19:00, Jonathan McDowell wrote:
> On Tue, Dec 13, 2016 at 01:04:37PM +0900, perillamint wrote:
>> About 1yrs ago, I tried to integrate UART fingerprint scanner to GnuK
>> firmware.
>>
>> I forked chopstx to add UART driver and added fingerprint scanner as
>> pin input device to GnuK.
>
> Looking at the GT-511C1R datasheet I can't see any sign of security in
> the protocol that it uses. It looks like there's a simple yes/no option,
> and a "tell me who it is" option, but no way that the device confirms
> it's the device you think it is, or a nonce to prevent replay attacks.
>
> J.
>
Yes. That modules default function isn't so good(actually, terrible) in
terms of security.
At first time, I thought I could run some lightweight fingerprint
recognition algorithm on STM32, so I planned to use GT-511C1R as dumb
fingerprint scanner. (Of course, it has lots of holes like faking
fingerprint image over UART, but much better then using built-in
algorithm in GT-511C1R) But it does not went well. Anyway, I have to
build PoC of it during semester (It was team project), so I took
random-slot-as-password approach instead of original plan. I admit it
has lots of holes in it.
However, I think some portion of my patch -- Initializing UART, Add
pinpad driver, etc. -- could be useful to Duncan. By replacing GT-511C1R
driver with Duncan's PIN-pad dirver, It could drive pin-pad instead of
insecure GT-511C1R.
Thanks.
More information about the gnuk-users
mailing list