Re: ATM card pins

David P Jablon (dpj@world.std.com)
Fri, 7 Aug 1998 12:17:25 -0400

• Next message: Berke Durak: "Re: RC6 legal status"
• Previous message: Adam Shostack: "Re: RC6 legal status"
• In reply to: Berke Durak: "RC6 legal status"
• Next in thread: bram: "Re: ATM card pins"
• Reply: bram: "Re: ATM card pins"

Thanks for the clarification -- that the ATM key authenticates
the PIN-MAC on the card.

Your points are well taken, and I agree that offline verification
should be obsolete today.

I should have said that a fixed PIN-MAC key installed in
all ATM's is too-vulnerable to theft or disclosure.
And getting this key (by whatever means) enables a
trivial brute-force attack on every card ever used with
the system. This latter brute-force attack is on the
order of 2^13, the size of a 4-digit PIN, rather than
2^56, or whatever.

Martin Grap wrote:
> Again I am not an ATM expert but the algorithm for the PIN generation/
> verification in the EC system is more or less as follows:
>
> Transform( MAC(key, account number | name | ...) )
>
> where ... refers to other public data on the mag stripe, where the key is
> *not*
> stored on the card and where Transform is a function which maps the MAC
> output to all possible PINs. In a brute force attack you still have to
> try all possible MAC keys. And this brute force attack is hopefully not
> "trivial".

-- dpj

• Next message: Berke Durak: "Re: RC6 legal status"
• Previous message: Adam Shostack: "Re: RC6 legal status"
• In reply to: Berke Durak: "RC6 legal status"
• Next in thread: bram: "Re: ATM card pins"
• Reply: bram: "Re: ATM card pins"