Martin Grap (mgrap@concord-eracom.de)
Fri, 7 Aug 1998 15:53:31 +0100
Again I am not an ATM expert but the algorithm for the PIN generation/
verification in the EC system is more or less as follows:
Transform( MAC(key, account number | name | ...) )
where ... refers to other public data on the mag stripe, where the key is
*not*
stored on the card and where Transform is a function which maps the MAC
output to all possible PINs. In a brute force attack you still have to
try all possible MAC keys. And this brute force attack is hopefully not
"trivial".
>Even if the MAC includes a secret ATM key,
The term MAC implies in my opinion the use of a secret key for generating
the output.
>the same fixed
>key must be semi-permanently embedded in each compatible
>ATM machine, and it can't be changed without making all
>cards obsolete.
Believe it or not, the above described MAC system is used here by
millions of people everyday. As online PIN verification is the standard
nowadays, the embedding of the key in the ATMs is not necessary anymore.
This should also make a key change easier as the PIN verification
process is centralized. One could even think of ways to prevent all
PINs calculated with the old key to be rejected by the ATM. Simply
"lookup" the key to use during verification dependig on the card number
or are unique information. Sure this does not help if the old key
has been compromised.
>Storing any PIN-associated data on a card is a risk.
It surely helps the attacker but so does, in another context, sending
ciphertext.
I never said that the above mentioned system is ideal, I did not say it
is 100% secure, I did not even say that I like it. But if a brute force
attack is the only way of attacking it successfully I'll continue to
use it (unfortunately they still use single DES so I should probably
stop using it :-))
Have a nice weekend
Martin
--------
Martin Grap, Concord-Eracom Computer Security GmbH
Talstrasse 11, D-72218 Wildberg, Germany
Tel. : {+49} (0)7054-9267-0, Fax: {+49} (0)7054-1837
e-mail: mgrap@concord-eracom.de, CE-homepage: http://www.concord-eracom.de
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:56