status-im / status-keycard

Our Javacard Implementation for making secure transactions within Status and Ethereum
Apache License 2.0

UnblockPIN and VerifyPIN have differing behaviors #48

Closed karalabe closed 5 years ago

karalabe commented 5 years ago

Hey, played around with it a bit more and can confirm that the PUK is properly decremented if I supply all the needed 12 + 6 bytes.

However, then I have a different issue:

I think both behaviors are fine as long as they are consistent across each other. At least this is what I would expect.

bitgamma commented 5 years ago

I agree with you that the VERIFY PIN behavior is somewhat inconsistent and should be changed to match the UNBLOCK PIN behavior. In the meantime, format validation can be performed client-side to avoid wasting PIN attempts.
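
A sketch of the client-side format check suggested above, added here as an example; it is not code from this thread or from the status-keycard project. It takes the 12 and 6 byte lengths from the thread and assumes both values are ASCII digits; `transmit`, `VerifyPIN`, `UnblockPIN` and `ErrFormat` are hypothetical names standing in for the client's real secure-channel calls.

```go
package main

import (
	"errors"
	"fmt"
)

// Lengths come from the thread's "12 + 6 bytes"; digits-only is an assumption.
const pukLen, pinLen = 12, 6

// ErrFormat means the input was rejected locally and never reached the card.
var ErrFormat = errors.New("malformed credential, not sent to card")

// transmit is a hypothetical stand-in for the client's secure-channel send.
type transmit func(payload []byte) error

// isDigits reports whether s is exactly n ASCII digits.
func isDigits(s string, n int) bool {
	if len(s) != n {
		return false
	}
	for i := 0; i < len(s); i++ {
		if s[i] < '0' || s[i] > '9' {
			return false
		}
	}
	return true
}

// VerifyPIN forwards the PIN only when it is well formed, so a wrong
// length or character set cannot cost one of the card's retry attempts.
func VerifyPIN(send transmit, pin string) error {
	if !isDigits(pin, pinLen) {
		return ErrFormat
	}
	return send([]byte(pin))
}

// UnblockPIN applies the same rule to both halves of the PUK + new PIN payload.
func UnblockPIN(send transmit, puk, newPIN string) error {
	if !isDigits(puk, pukLen) || !isDigits(newPIN, pinLen) {
		return ErrFormat
	}
	return send([]byte(puk + newPIN))
}

func main() {
	card := func(p []byte) error { fmt.Printf("sent %d bytes\n", len(p)); return nil }
	fmt.Println(VerifyPIN(card, "12345")) // constructed input, one digit short
	fmt.Println(UnblockPIN(card, "123456789012", "654321"))
}
```
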