Re: Chip & Pin @ Tescos
- From: "Alex" <no.spam@xxxxxxxx>
- Date: 19 Jun 2006 16:33:10 GMT
At 16:56:50 on 19/06/2006, Jonathan Bryce delighted uk.finance by announcing:
> Tom Anderson wrote:
>> It's not as simple as you think. It is impossible to have both off-line
>> operation and PIN security: the thing is, if you want offline operation,
>> then even if you don't have the PIN on the card, you do have to have
>> enough information to validate the PIN - a hash of the PIN or something.
>> If an attacker gets hold of that, then since the PIN is a four-digit
>> number, it's trivial to recover it: you just run through all the possible
>> PINs and check whether they validate against the information on the card.
>
> Unless of course, the chip self destructs after a certain number of
> unsuccessful attempts,

Not self-destructs, as such, but either blocks further PIN entry attempts
(reversible at an ATM) or blocks access to the card completely (only reversible
with specialised terminals).

> which might be possible to implement,

So possible, in fact, that the above is already implemented.

> and is
> probably also possible to circumvent.

Possible, but probably really not worthwhile.
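
Added example, not part of the original post: a Python model of the two cases argued over in this exchange, a PIN verifier that can be read off the card versus one that can only be tested through a chip with a try counter. The salted SHA-256 verifier, the `Card` class, the salt and the limit of 3 tries are assumptions made for illustration, not details of any real card.

```python
import hashlib
import hmac

SALT = b"constructed-card-salt"   # constructed sample value
MAX_TRIES = 3                     # assumed limit; the thread only says "a certain number"

def pin_verifier(pin: str, salt: bytes = SALT) -> bytes:
    """Stand-in for 'a hash of the PIN or something' held for offline checks."""
    return hashlib.sha256(salt + pin.encode()).digest()

def recover_from_extracted_verifier(verifier: bytes, salt: bytes = SALT):
    """Verifier readable off the card: nothing limits the 10,000 candidate PINs."""
    for n in range(10_000):
        guess = f"{n:04d}"
        if hmac.compare_digest(pin_verifier(guess, salt), verifier):
            return guess, n + 1
    return None, 10_000

class Card:
    """Hypothetical chip: the verifier never leaves it, only verify() is exposed."""
    def __init__(self, pin: str):
        self._verifier = pin_verifier(pin)
        self.tries_left = MAX_TRIES

    def verify(self, pin: str):
        if self.tries_left == 0:
            return None                      # PIN entry blocked
        self.tries_left -= 1                 # spend the try before comparing
        ok = hmac.compare_digest(pin_verifier(pin), self._verifier)
        if ok:
            self.tries_left = MAX_TRIES      # in this model a correct PIN resets the counter
        return ok

    def unblock(self):
        """Models the issuer-side reset ('reversible at an ATM')."""
        self.tries_left = MAX_TRIES

def guess_through_card(card: Card):
    """Same enumeration, but every guess has to go through the chip."""
    attempts = 0
    for n in range(10_000):
        result = card.verify(f"{n:04d}")
        if result is None:
            return None, attempts            # blocked before the PIN was found
        attempts += 1
        if result:
            return f"{n:04d}", attempts
    return None, attempts

if __name__ == "__main__":
    print(recover_from_extracted_verifier(pin_verifier("7294")))
    print(guess_through_card(Card("7294")))
```

With the counter enforced inside the chip, blind guessing succeeds with probability 3 in 10,000 per unblock cycle, so the protection rests on the verifier and the counter not being readable or resettable from outside the card.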