Re: ATM card pins

Martin Grap (mgrap@concord-eracom.de)
Thu, 6 Aug 1998 17:29:55 +0100

• Next message: Jon Vincent: "Re: ATM card pins"
• Previous message: Martin Grap: "Re: ATM card pins"
• Maybe in reply to: Jamen Porteus: "ATM card pins"
• Next in thread: Jon Vincent: "Re: ATM card pins"
• Reply: Jon Vincent: "Re: ATM card pins"
• Reply: Andi Kleen: "Re: ATM card pins"
• Reply: Simon R Knight: "Re: ATM card pins"

At 05:09 PM 8/6/98 +0100, you wrote:
>Yes, but if you have a card reader, you can see that the PIN is in fact on
>that card, encrypted of course. It was stated in an earlier part of the
>email.
>
>- Jon
>
Well there is probably some data on the magstrip which your friend can not
interpret but in order to conclude that it is the encrypted PIN he probably
would have to break the "encryption". And he admits that he has not done
that yet.

If you do it properly there is simply no technical reason to store the PIN
or any other secret information in any form on the mag stripe of an ATM card.
In the worst case (ATM offline), the ATM has to know the PIN generation key.
If the ATM operates only online the ATM not even has to know the PIN
generation key.

Martin
--------
Martin Grap, Concord-Eracom Computer Security GmbH
Talstrasse 11, D-72218 Wildberg, Germany
Tel. : {+49} (0)7054-9267-0, Fax: {+49} (0)7054-1837
e-mail: mgrap@concord-eracom.de, CE-homepage: http://www.concord-eracom.de

• Next message: Jon Vincent: "Re: ATM card pins"
• Previous message: Martin Grap: "Re: ATM card pins"
• Maybe in reply to: Jamen Porteus: "ATM card pins"
• Next in thread: Jon Vincent: "Re: ATM card pins"
• Reply: Jon Vincent: "Re: ATM card pins"
• Reply: Andi Kleen: "Re: ATM card pins"
• Reply: Simon R Knight: "Re: ATM card pins"