[35] in cryptography@c2.net mail archive
ATMs + PINs (was Re: The Upcoming DES Challenge)
daemon@ATHENA.MIT.EDU (Peter M Allan)
Wed Jan 8 12:51:15 1997
Date: Wed, 8 Jan 97 13:16:16 GMT
From: peter.allan@aeat.co.uk (Peter M Allan)
To: cryptography@c2.net, liz@nym.alias.net
Liz Taylor writes:
> There is nothing unglamorous about a known plaintext attack, if the
> plaintext is choosen carefully. I don't know anything about bank ATMs
> and the protocols they use, but I presume the PIN is stored on the card
> single DES encrypted. If this is so, anyone can take an ATM card, attack it
> to recover the key and then use that key to recover the PIN for any stolen
> ATM card of that bank (or that branch).
> Once the key is recovered, the press can then claim that ATM
> cards are not safe any longer.
Ross Anderson's "Why Cryptosystems Fail" describes ATMs and their
keying arrangements. Without re-reading it I remember one card
used to have unsalted encrypted PINs stored on the card, and it
was possible to copy your PIN onto a stolen card and empty the
account of the owner. I think the encrypted PINs are now stored
with the account identifier as salt.
The article is worth reading and is mainly about bad design failing
to address realistic attacks (including those by insiders).
It is not encouraging about bank security even in the absence of
keysearch attacks.
ftp://ftp.cl.cam.ac.uk/users/rja14/wcf.ps.gz
-- Peter Allan peter.allan@aeat.co.uk
