
Re: The Upcoming DES Challenge



Liz Taylor writes:
 > There is nothing unglamorous about a known plaintext attack, if the
 > plaintext is chosen carefully. I don't know anything about bank ATMs
 > and the protocols they use, but I presume the PIN is stored on the card
 > single DES encrypted. If this is so, anyone can take an ATM card, attack it
 > to recover the key and then use that key to recover the PIN for any stolen
 > ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext
 > pair that RSA announces will be a real target like this, with the actual key
 > disabled. Once the key is recovered, the press can then claim that ATM
 > cards are not safe any longer.
 >
As far as I know, here in Germany (maybe also somewhere else) the PIN is
not stored on the card. Instead, it is regenerated by the ATM
every time using a secret key of the bank. In order to be able to
use the ATM card even with ATMs of different banks, there are offsets
stored on the card that relate to some commonly used pool keys.

Ciao,
Ulrich

-- 
Ulrich Kuehn ------ [email protected]
        http://wwwmath.uni-muenster.de/~kuehn/
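
The offset scheme described in the reply above, as an added sketch that is not part of the original message: the card stores only per-pool-key offsets, and an ATM holding one pool key regenerates the PIN from it. Assumptions: HMAC-SHA256 stands in for the single-DES step, the offset is digit-wise modulo 10 (the post does not say how offsets are formed), and all keys, names and the account number are constructed.

```python
import hashlib
import hmac

def natural_pin(key: bytes, account: str, length: int = 4) -> str:
    """Decimal digits derived from the account data under `key`.
    HMAC-SHA256 stands in for the DES step (assumption); b % 10 is a
    simple, slightly biased decimalisation."""
    digest = hmac.new(key, account.encode(), hashlib.sha256).digest()
    return "".join(str(b % 10) for b in digest[:length])

def make_offset(pin: str, pool_key: bytes, account: str) -> str:
    """Issuer side: digit-wise (PIN - natural PIN under pool_key) mod 10."""
    nat = natural_pin(pool_key, account, len(pin))
    return "".join(str((int(p) - int(n)) % 10) for p, n in zip(pin, nat))

def regenerate_pin(pool_key: bytes, account: str, offset: str) -> str:
    """ATM side: rebuild the PIN from its own key plus the card's offset."""
    nat = natural_pin(pool_key, account, len(offset))
    return "".join(str((int(n) + int(o)) % 10) for n, o in zip(nat, offset))

def verify(entered: str, pool_key: bytes, account: str, offset: str) -> bool:
    """Constant-time comparison of the entered PIN with the regenerated one."""
    return hmac.compare_digest(entered, regenerate_pin(pool_key, account, offset))

# Constructed sample values, not real keys or account data.
BANK_KEY = b"issuing-bank-secret"
POOL_KEYS = {"pool1": b"pool-key-one", "pool2": b"pool-key-two"}
ACCOUNT = "1234567890"

def issue_card(account: str) -> dict:
    """The card carries the account data and one offset per pool key, no PIN."""
    pin = natural_pin(BANK_KEY, account)
    offsets = {n: make_offset(pin, k, account) for n, k in POOL_KEYS.items()}
    return {"account": account, "offsets": offsets}

if __name__ == "__main__":
    card = issue_card(ACCOUNT)
    pin = natural_pin(BANK_KEY, ACCOUNT)  # what the home bank's ATM computes
    for name, key in POOL_KEYS.items():
        print(name, verify(pin, key, card["account"], card["offsets"][name]))
```

In this model the secrecy of the PIN rests entirely on the keys held by the ATMs, which is why the strength of the cipher behind `natural_pin` matters to the thread's question.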