Poldi bug report: allow non-digit PIN


Poldi bug report: allow non-digit PIN

by Lionel Elie Mamane-2

My OpenPGP smartcard has non-digits in its PIN, so it needs poldi to
allow that.

Note: you may want to also remove the all_digitsp function.

--- poldi-0.4.1.orig/src/pam/auth-support/getpin-cb.c
+++ poldi-0.4.1/src/pam/auth-support/getpin-cb.c
@@ -85,5 +88,3 @@
-      else if (!all_digitsp (buffer))
- log_msg_error (ctx->loghandle, _("invalid characters in PIN"));
       else
  break;
     }
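
Review bot: deleting the `else if (!all_digitsp (buffer))` branch removes the character check unconditionally, so every input that reaches this point now falls through to `break` with no validation of its contents in the visible lines. Consider gating the check behind an option that defaults to digits-only instead of dropping it, and if the check is removed, delete `all_digitsp` in the same patch so it does not remain as unused code.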


--
Lionel

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@...
http://lists.gnupg.org/mailman/listinfo/gnupg-devel

Re: Poldi bug report: allow non-digit PIN

by Werner Koch

On Thu, 30 Jul 2009 19:49, lionel@... said:
> My OpenPGP smartcard has non-digits in its PIN, so it needs poldi to
> allow that.

Please use only digits.  You would get into severe trouble if you switch
to a keypad reader.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.



Re: Poldi bug report: allow non-digit PIN

by Moritz Schulte-5

>> My OpenPGP smartcard has non-digits in its PIN, so it needs poldi to
>> allow that.
>
> Please use only digits.  You would get into severe trouble if you switch
> to a keypad reader.

What does this mean for Poldi? Should Poldi _forbid_ the use of
non-digit PINs or not? Maybe we should add a configuration option
("allow-non-digit-pins"?) to make it clear that using non-digit PINs
might get you into trouble?

Thanks,
mo




Re: Poldi bug report: allow non-digit PIN

by Werner Koch

On Sat,  8 Aug 2009 14:06, Moritz.Schulte@... said:

> What does this mean for Poldi? Should Poldi _forbid_ the use of
> non-digit PINs or not? Maybe we should add a configuration option
> ("allow-non-digit-pins"?) to make it clear that using non-digit PINs
> might get you into trouble?

In GnuPG we do these checks

          /* do some basic checks on the entered PIN. */
          if (!all_digitsp (pininfo->pin))
            errtext = _("Invalid characters in PIN");
          else if (pininfo->max_digits
                   && strlen (pininfo->pin) > pininfo->max_digits)
            errtext = _("PIN too long");
          else if (strlen (pininfo->pin) < pininfo->min_digits)
            errtext = _("PIN too short");

if asking for a PIN via Pinentry.  MIN_MAXDIGITS are 0/16. This is in
the generic code; the actual smartcard application code in scdaemon may
even be more restrictive.


Salam-Shalom,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.



Re: Poldi bug report: allow non-digit PIN

by Lionel Elie Mamane-2

On Mon, Aug 10, 2009 at 07:47:07PM +0200, Werner Koch wrote:
> On Sat,  8 Aug 2009 14:06, Moritz.Schulte@... said:

>> What does this mean for Poldi? Should Poldi _forbid_ the use of
>> non-digit PINs or not? Maybe we should add a configuration option
>> ("allow-non-digit-pins"?) to make it clear that using non-digit PINs
>> might get you into trouble?

> In GnuPG we do these checks

>           /* do some basic checks on the entered PIN. */
>           if (!all_digitsp (pininfo->pin))
>             errtext = _("Invalid characters in PIN");
>           else if (pininfo->max_digits
>                    && strlen (pininfo->pin) > pininfo->max_digits)
>             errtext = _("PIN too long");
>           else if (strlen (pininfo->pin) < pininfo->min_digits)
>             errtext = _("PIN too short");

> if asking for a PIN via Pinentry.  MIN_MAXDIGITS are 0/16. This is in
> the generic code; the actual smartcard application code in scdaemon may
> even be more restrictive.

I use a non-digit PIN for SSH authentication (so gpg-agent /
scdaemon), and it works. So it would seem that scdaemon is much less
restrictive.

lionelm@harif:~$ scdaemon --version
scdaemon (GnuPG) 2.0.11
libgcrypt 1.4.4
libksba 1.0.6

It is possible that it is a Debian-specific patch that allows me
that, not sure.

--
Lionel


Re: Poldi bug report: allow non-digit PIN

by Werner Koch

On Tue, 18 Aug 2009 15:02, lionel@... said:

> I use a non-digit PIN for SSH authentication (so gpg-agent /
> scdaemon), and it works. So it would seem that scdaemon is much less
> restrictive.

Quite possible that this slipped in.  I am a bit reluctant to make the
check for ssh more restrictive as this would mean you can't use it
anymore.


Shalom-Salam,

   Werner

--
Thoughts are free.  Exceptions are regulated by a federal law.

