Comments on: About PIN, the iPhone is about 20 years behind smart cards https://javacard.vetilles.com/2015/03/30/about-pin-the-iphone-is-about-20-years-behind-smart-cards/ A weblog on Java Card, security, and other things personal Thu, 18 May 2017 07:26:32 +0000 hourly 1 https://wordpress.org/?v=4.0.32 By: Marcos https://javacard.vetilles.com/2015/03/30/about-pin-the-iphone-is-about-20-years-behind-smart-cards/#comment-19362 Mon, 07 Dec 2015 07:17:10 +0000 http://javacard.vetilles.com/?p=17472#comment-19362 clever attack but not practical

]]> By: Eric Vétillard https://javacard.vetilles.com/2015/03/30/about-pin-the-iphone-is-about-20-years-behind-smart-cards/#comment-18924 Wed, 01 Apr 2015 08:24:47 +0000 http://javacard.vetilles.com/?p=17472#comment-18924 You are right. There are many ways to defend against such attacks. When I started working on smart cards, developers were actively working on “constant-time comparisons”, which would take the same time and leave the same power trace independently of the comparison result. Eventually, scopes became so good that the tiny differences became visible.

The superiority of countermeasures like pre-decrement is that it beats a full category of attacks. Timing attacks just don’t work any more.

]]> By: 0x54 https://javacard.vetilles.com/2015/03/30/about-pin-the-iphone-is-about-20-years-behind-smart-cards/#comment-18920 Wed, 01 Apr 2015 07:17:04 +0000 http://javacard.vetilles.com/?p=17472#comment-18920 Another way to protect against a power cut off attack for a security device is to have a backup tamper battery like most HSMs. A small capacitor or a tiny rechargeable button battery might have been rather handy although not every security device would be suitable for a tiny tamper power pack fitted onto it’s security chip. In fact, I am personally skeptical about the supposed security of any supposed tamper-resistant chips not backed with a tamper power supply in it’s security encapsulation.

]]>