FreeCalypso > hg > fc-pcsc-tools
comparison doc/GrcardSIM2-security-model @ 190:f756bafde7a9
doc/GrcardSIM2-security-model: new grcard2-set-adm5 command
| author | Mychaela Falconia <falcon@freecalypso.org> |
|---|---|
| date | Sat, 06 Mar 2021 21:14:17 +0000 |
| parents | c925f7808285 |
| children | 7c24ae2ca648 |
comparison
equal
deleted
inserted
replaced
| 189:123dc7370581 | 190:f756bafde7a9 |
|---|---|
| 43 verify-hex 5 xxxxxxxxxxxxxxxx # authenticate as ADM5, arbitrary hex format | 43 verify-hex 5 xxxxxxxxxxxxxxxx # authenticate as ADM5, arbitrary hex format |
| 44 | 44 |
| 45 verify-ext 11 XXXXXXXX # authenticate as ADM11, decimal format | 45 verify-ext 11 XXXXXXXX # authenticate as ADM11, decimal format |
| 46 verify-hex 11 xxxxxxxxxxxxxxxx # authenticate as ADM11, arbitrary hex format | 46 verify-hex 11 xxxxxxxxxxxxxxxx # authenticate as ADM11, arbitrary hex format |
| 47 | 47 |
| 48 grcard2-set-adm XXXXXXXX # set new ADM5, decimal format | 48 grcard2-set-adm5 XXXXXXXX # set new ADM5, decimal format |
| 49 grcard2-set-adm-hex xxxxxxxxxxxxxxxx # set new ADM5, arbitrary hex format | 49 grcard2-set-adm5-hex xxxxxxxxxxxxxxxx # set new ADM5, arbitrary hex format |
| 50 | 50 |
| 51 grcard2-set-super XXXXXXXX # set new ADM11, decimal format | 51 grcard2-set-super XXXXXXXX # set new ADM11, decimal format |
| 52 grcard2-set-super-hex xxxxxxxxxxxxxxxx # set new ADM11, arbitrary hex format | 52 grcard2-set-super-hex xxxxxxxxxxxxxxxx # set new ADM11, arbitrary hex format |
| 53 | 53 |
| 54 Setting PIN1/PIN2/PUK1/PUK2 | 54 Setting PIN1/PIN2/PUK1/PUK2 |
| 89 | 89 |
| 90 grcard2-set-pin1 1234 | 90 grcard2-set-pin1 1234 |
| 91 grcard2-set-pin2 6666 | 91 grcard2-set-pin2 6666 |
| 92 grcard2-set-puk1 00099933 | 92 grcard2-set-puk1 00099933 |
| 93 grcard2-set-puk2 00099944 | 93 grcard2-set-puk2 00099944 |
| 94 grcard2-set-adm 55501234 | 94 grcard2-set-adm5 55501234 |
| 95 | 95 |
| 96 For as long as you keep the ADM11 secret code at its default of 88888888, there | 96 For as long as you keep the ADM11 secret code at its default of 88888888, there |
| 97 is no PIN security - even if you set PIN1/PIN2/PUK1/PUK2 to your own secrets, | 97 is no PIN security - even if you set PIN1/PIN2/PUK1/PUK2 to your own secrets, |
| 98 anyone can authenticate with the unchanged default ADM11 and then freely reset | 98 anyone can authenticate with the unchanged default ADM11 and then freely reset |
| 99 all lower PINs. However, in the Mother's opinion there is very little need for | 99 all lower PINs. However, in the Mother's opinion there is very little need for |
| 121 possibility of recovery - this bricking mode is generally expected, there can | 121 possibility of recovery - this bricking mode is generally expected, there can |
| 122 be no other way. | 122 be no other way. |
| 123 | 123 |
| 124 * If you enter ADM5 incorrectly 3 times in a row, you unrecoverably lose the | 124 * If you enter ADM5 incorrectly 3 times in a row, you unrecoverably lose the |
| 125 ability to use ADM5 ever again - even if you successfully authenticate with | 125 ability to use ADM5 ever again - even if you successfully authenticate with |
| 126 ADM11 and reset ADM5 with grcard2-set-adm, the attempt counter does not get | 126 ADM11 and reset ADM5 with grcard2-set-adm5, the attempt counter does not get |
| 127 reset, and ADM5 remains blocked. | 127 reset, and ADM5 remains blocked. |
| 128 | 128 |
| 129 * If you enter standard PUK1 or PUK2 incorrectly 10 times in a row, it is | 129 * If you enter standard PUK1 or PUK2 incorrectly 10 times in a row, it is |
| 130 similarly blocked beyond recovery, with no help from ADM5 or ADM11 - | 130 similarly blocked beyond recovery, with no help from ADM5 or ADM11 - |
| 131 grcard2-set-puk[12] commands reset the secret code, but not the associated | 131 grcard2-set-puk[12] commands reset the secret code, but not the associated |