[xaduha]

You can still have pin protected stuff, both Security Officer and ordinary user can have them, it's a part of PKCS #11 standard probably. Also, we were talking about Neo.

To me it makes more sense not to do crypto yourself, but trust in an established technology, which is a smartcard. They are used everywhere from sim cards to chip-and-pin credit cards.

[mindslight]

Sure, but smartcards have traditionally fulfilled a narrow purpose - creating a notion of non-cloneable identity for some centralized top-down entity. The technology of a hardened mini computer could be applied to many other things, but the closed philosophy of the industry really hinders that. I'd love to get some samples of ST23 and create a board with an appropriate hardware UI for end-user signing, but alas this industry has not seen the light of Kerckhoff's principle.

My problem with PINs is twofold. First, the reader required to use them in a transparent manner does not fit with the form factor of a laptop. Second, they're obviously less secure than a passphrase - relying completely on hardened hardware. If I'm willing to enter a passphrase for every session, why should I be carrying around the key in the clear?