[Gnuk-users] Is the FST-01 vulnerable to fault injection?

[Jonathan Schleifer]

> I don't think so. Sure, keys can be extracted, but since they're stored
> encrypted by the PIN they're "useless" for the attacker (he'll have to
> brute force the PIN and that's quite doable since the S2K uses a reduced
> number of rounds).
> *But* if the attacker can steal your token, it's like having root on
> your machine... Game over!

Well, that doesn't read like it needs to be stolen, just 15 seconds to extract the keys, the bruteforce could then be done offline.

--
Jonathan