[127183] in cryptography@c2.net mail archive


Re: The wisdom of the ill informed

daemon@ATHENA.MIT.EDU (Peter Gutmann)
Tue Jul 1 11:09:23 2008

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: cryptography@metzdowd.com, edgerck@nma.com
In-Reply-To: <48692654.3060709@nma.com>
Date: Wed, 02 Jul 2008 00:01:51 +1200

Ed Gerck <edgerck@nma.com> writes:
>dan@geer.org wrote:
>> So I hold the PIN constant and vary the bank account number.
>
>This is, indeed, a possible attack considering that the same IP may be
>legitimately used by different users behind NAT firewalls and/or with dynamic
>IPs. However, there are a number of reasons, and evidence, why this attack
>can be (and has been) prevented even for a short PIN:

It's a pity that Kjell Hole et al didn't know this was impossible when they
mounted exactly this attack against the Norwegian banking system :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List