[127133] in cryptography@c2.net mail archive
Re: The wisdom of the ill informed
daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon Jun 30 19:01:18 2008
Date: Mon, 30 Jun 2008 11:30:44 -0700
From: Ed Gerck <edgerck@nma.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <20080630174456.BB1A733DC4@absinthe.tinho.net>
dan@geer.org wrote:
> Ed Gerck writes:
> -+--------------
> | ...
> | Not so fast. Bank PINs are usually just 4 numeric characters long and
> | yet they are considered /safe/ even for web access to the account
> | (where a physical card is not required).
> |
> | Why? Because after 4 tries the access is blocked for your IP number
> | (in some cases after 3 tries).
> | ...
>
>
> So I hold the PIN constant and vary the bank account number.
Dan,
This is, indeed, a possible attack considering that the same IP may be
legitimately used by different users behind NAT firewalls and/or with
dynamic IPs. However, there are a number of reasons, and evidence, why
this attack can be (and has been) prevented even for a short PIN:
1. there is a much higher number of combinations in a 12-digit account
number;
2. banks are able to selectively block IP numbers for the /same/
browser and /same/ PIN after 4 or 3 wrong attempts, with a small false
detection probability for other users of the same IP (who are not
blocked). I know one online system that has been using such a method for
protecting webmail accounts, with several attacks logged but no
compromise and no false detection complaints in 4 years.
3. some banks reported that in order to satisfy FFIEC requirements for
two-factor authentication, but without requiring the customer to use
anything else (e.g., a dongle or a "battleship map"), they were
detecting the IP, browser information and use patterns as part of the
authentication procedure. This directly enables #2 above.
I also note that the security problem with short PINs is not much
different than that with passwords, as users notoriously choose
passwords that are easy to guess. However, an online system that is
not controlled by the attacker is able to likewise prevent multiple
password tries, or multiple account tries for the same password.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
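Editor's added example (not code from the original message or from any bank): the throttling scheme Ed describes in point #2, with the classic per-account lockout alongside it, so that both Dan's attack (hold the PIN constant, walk the account numbers) and the usual attack (hold the account constant, walk the PIN space) stop after the quoted 4 tries, while other users behind the same NAT are not locked out. All account numbers, PINs, IP addresses and browser strings are constructed sample data, the hashing key is assumed, and the counters never expire, which a production system would have to add.

```python
"""Login throttling keyed on (client IP, browser, attempted PIN) as well as on
the account.  Added example; every account, PIN, IP and browser string below is
constructed sample data."""
import hashlib
import hmac
from collections import defaultdict

MAX_ATTEMPTS = 4  # the "4 tries" lockout threshold quoted in the thread

# Constructed sample account table: 12-digit account number -> 4-digit PIN.
ACCOUNTS = {
    "000000000001": "4821",
    "000000000003": "9077",
    "000000000006": "1234",  # the PIN the attacker below holds constant
}

# Server-side secret (assumed) so the throttle table stores a keyed hash of the
# attempted PIN rather than the candidate PIN itself.
PIN_HASH_KEY = b"constructed-server-secret"


def pin_fingerprint(pin):
    """Keyed hash of an attempted PIN; equal PINs give equal fingerprints."""
    return hmac.new(PIN_HASH_KEY, pin.encode(), hashlib.sha256).hexdigest()[:16]


class LoginGuard:
    """Two independent failure counters.  Simplification: no expiry; a real
    system would age the counters out or use a sliding time window."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self.account_failures = defaultdict(int)  # classic per-account lockout
        self.source_failures = defaultdict(int)   # per (ip, browser, PIN) tuple

    def attempt(self, ip, browser, account, pin):
        source_key = (ip, browser, pin_fingerprint(pin))
        # Refuse blocked requests before looking at the PIN, so a blocked
        # source learns nothing about whether the PIN would have matched.
        if self.account_failures[account] >= self.max_attempts:
            return "blocked_account"
        if self.source_failures[source_key] >= self.max_attempts:
            return "blocked_source"
        if ACCOUNTS.get(account) == pin:
            self.account_failures[account] = 0
            return "ok"
        # Unknown account and wrong PIN get the same answer (no enumeration).
        self.account_failures[account] += 1
        self.source_failures[source_key] += 1
        return "wrong_pin"


def simulate_constant_pin_attack(guard, ip="198.51.100.7", browser="UA-attacker"):
    """Dan's attack: hold PIN 1234 constant and walk the account numbers.
    Account ...006 really has PIN 1234, but the source is blocked after 4."""
    return [guard.attempt(ip, browser, f"{n:012d}", "1234") for n in range(1, 9)]


def simulate_nat_neighbours(guard, ip="198.51.100.7"):
    """Legitimate users sharing the attacker's NAT address."""
    return [
        guard.attempt(ip, "UA-neighbour", "000000000001", "4821"),  # other browser
        guard.attempt(ip, "UA-attacker", "000000000003", "9070"),   # same browser, own PIN mistyped
        guard.attempt(ip, "UA-attacker", "000000000003", "9077"),   # retry succeeds
    ]


def simulate_constant_account_attack(guard, ip="203.0.113.9", browser="UA-other"):
    """The classic attack: hold the account constant and walk the PIN space."""
    return [guard.attempt(ip, browser, "000000000003", f"{p:04d}") for p in range(6)]


if __name__ == "__main__":
    g = LoginGuard()
    print(simulate_constant_pin_attack(g))   # 4 x wrong_pin, then 4 x blocked_source
    print(simulate_nat_neighbours(g))        # ok, wrong_pin, ok
    print(simulate_constant_account_attack(g))  # 4 x wrong_pin, then 2 x blocked_account
```

The false-detection case Ed mentions is visible in the key: a neighbour is caught by the source block only if they share the attacker's IP, browser signature and the attacker's exact PIN, which is why the second neighbour above, on the same IP and browser string but with a different PIN, is not blocked. Hashing the attempted PIN with a server-side key keeps the throttle table from becoming a list of candidate PINs if it leaks.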