Re: ssh-pkcs11.c

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, Jun 17, 2016 at 7:57 PM, Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
> On 17 June 2016 at 20:58, Nuno Gonçalves <nunojpg@xxxxxxxxx> wrote:
>> Hi,
>>
>> It seems there is a bug with the pkcs11 feature where a zero-length
>> PIN is accepted. I believe this is a bug, since the user might want to
>> press return when asked for the PIN to ignore that slot/key.
>
> Hi,
>
> Empty PIN is valid case, not sure why you want to avoid supporting it.
>
> Alon

I didn't know it was valid but the reasoning still applies. I don't
really know the standard use cases, but I think it could eventually be
useful for the user, when asked for the PIN, to decide not enter it.
Currently it can only be done by killing ssh. If empty PIN is valid,
but eventually not usual, maybe we should ask if the user really wants
to try a empty pin or just continue to another authentication option?


Regarding the CKF_USER_PIN flags, do you think it is a good idea to
implement the warning messages?

Thanks,
Nuno
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux