[127136] in cryptography@c2.net mail archive


Re: The wisdom of the ill informed

daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon Jun 30 19:03:06 2008

Date: Mon, 30 Jun 2008 12:55:16 -0700
From: Ed Gerck <edgerck@nma.com>
To: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <486924C6.2010907@sound-by-design.com>

Allen wrote:
> During the transmission from an ATM machine 4 numeric characters are 
> probably safe because the machines use dedicated dry pair phone lines 
> for the most part, as I understand the system. This, combined with 
> triple DES, makes it very difficult to compromise or do a MIM attack 
> because one can not just tap into the lines remotely. 

We are in agreement. Even short PINs could be safe in a bank-side 
authenticated (no MITM) SSL connection with 128-bit encryption. 
What's also needed is to block multiple attempts after 3 or 4 tries, 
in both the ATM and the SSL online scenarios.

Cheers,
Ed Gerck

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
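
An added example, not part of Ed Gerck's message: a server-side PIN check that blocks an account after a fixed number of failed tries, plus the bound this puts on online guessing of a short PIN. The names PinVerifier and online_guess_probability, the account id and the sample PIN are hypothetical and constructed for illustration.

```python
import hmac
from fractions import Fraction


def online_guess_probability(pin_digits: int, tries: int) -> Fraction:
    """Chance that `tries` distinct guesses hit a uniformly random numeric PIN."""
    space = 10 ** pin_digits
    return Fraction(min(tries, space), space)


class PinVerifier:
    """Per-account PIN check that locks the account after max_tries failures.

    The failure counter lives on the verifying (bank) side, so it applies
    equally to the ATM and the online scenario.
    """

    def __init__(self, pins: dict[str, str], max_tries: int = 3):
        # Constructed in-memory store (assumption); a real system would not
        # hold clear-text PINs like this.
        self._pins = pins
        self._max_tries = max_tries
        self._failures: dict[str, int] = {}

    def is_locked(self, account: str) -> bool:
        return self._failures.get(account, 0) >= self._max_tries

    def verify(self, account: str, pin: str) -> str:
        if account not in self._pins:
            return "denied"
        # Check the lock before comparing, so a locked account gives no
        # answer about the PIN even when the guess happens to be correct.
        if self.is_locked(account):
            return "locked"
        if hmac.compare_digest(pin.encode(), self._pins[account].encode()):
            self._failures[account] = 0  # a success clears the counter
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        return "locked" if self.is_locked(account) else "denied"


if __name__ == "__main__":
    v = PinVerifier({"acct-1": "4821"}, max_tries=3)
    for guess in ("0000", "1111", "2222", "4821"):
        print(guess, v.verify("acct-1", guess))
    print("4 digits, 3 tries:", online_guess_probability(4, 3))
```

With a 4-digit PIN and a limit of 3 tries, a guesser reaches the correct PIN with probability 3/10000 per account before the block takes effect.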
