[Gnuk-users] Hardware PIN pad
Ineiev
ineiev at gnu.org
Sun Apr 23 17:50:02 UTC 2017
On Thu, Feb 02, 2017 at 12:03:40AM -0500, Ineiev wrote:
> On Wed, Feb 01, 2017 at 09:58:48AM +0100, NdK wrote:
> > Il 31/01/2017 09:25, Ineiev ha scritto:
> >
> > >>> I've just layed out a draft [0]; the device doesn't fit on the top
> > >>> of FST-01, but I think it could be connected to it with a cable.
> > >> Why a micro? It could easily be hijacked by an attacker to store the PIN
> > >> code.
> > > FST-01 already includes a micro, doesn't it?
> > Yep. But if it gets tampered, key material is (or should be) lost (IIRC
> > updating the fw deletes the keys -- but I could be wrong).
>
> Or any further modifications are disabled.
>
> When the MCU on the pinpad gets tampered, its authentification code
> is lost; if the pinpad can't authentificate, FST-01 powers it down.
I've just posted a proof-of-concept implementation at the same URL,
http://freefriends.org/~ineiev/pinpad/index.html
The link between FST-01 and the pinpad is to be encrypted,
though I'm not sure I did it right.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20170423/1d3d9548/attachment.sig>
More information about the gnuk-users
mailing list