lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Apr 2004 15:43:53 -0700 From: "Michael Silk" <silkm@...hmail.com> To: bugtraq@...urityfocus.com, secprog@...urityfocus.com Subject: Smart Card Hello, A bank I am working with provides a Smart Card which is used on our clients PC to authorise him to the bank website ... the card stores a certificate, and also, i think, a private key. I am trying to discover if, in the case my clients machine is compromised (the machine the Smart Card is connected to), what are the possibilities of observing the smart card data as it is transferred ? I think that if the smart card reader (scr) and the client program (cp) establish a ssl-type connection then the only opportunity to observe the private key, certificate, is by inspecting the memory of cp. However I don't believe that this (or any?) smart cards to this ... Really appreciate any info anyone has. Thanks -- Michael Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427
Powered by blists - more mailing lists