1994-07-06 - Re: Password Difficulties

Header Data

From: kentborg@world.std.com (Kent Borg)
To: karn@qualcomm.com
Message Hash: 01022fd5a3ae04767e05ca6475a78216404e3597cd99a50a725642e8ea865f15
Message ID: <199407060221.AA14907@world.std.com>
Reply To: N/A
UTC Datetime: 1994-07-06 02:24:22 UTC
Raw Date: Tue, 5 Jul 94 19:24:22 PDT

Raw message

From: kentborg@world.std.com (Kent Borg)
Date: Tue, 5 Jul 94 19:24:22 PDT
To: karn@qualcomm.com
Subject: Re: Password Difficulties
Message-ID: <199407060221.AA14907@world.std.com>
MIME-Version: 1.0
Content-Type: text/plain


karn@qualcomm.com writes:
>There's a difference: as far as I know, ATM PINs can't be cracked

That would make a difference, but how trustworthy is that fact?

Nostalgia time:

The first cash card I ever had was crackable.  When I opened the
account at Minnesota Federal the teller passed me this out-sized
calculator, I punched in my chosen (6-digit) PIN, she punched in their
(presumed) salt, and she recorded the 5 or 6 digit number the machine
produced (I forget that detail).

Boy was I intrigued!  I asked my math-major big sister how one could
figure out what someone's PIN was given the output it gave them.  She
didn't know enough about cryptography to give me an interesting
answer, she simply pointed out that it need not be a linear
function...

The encrypted number was embossed on my card.  I could walk up to the
various small terminals scattered in places like grocery stores, tell
it I wanted $5, get the chit it printed, bring it to a cashier, and
get the money.  

I am glad I am a pack-rat, someplace I have the old card and all the
receipts, I wonder where that number showed up, etc.  Will have to
poke around...


Ob-Password-Item: The PIN I chose?  The frail "266367"; amazing how
easily it came back to my fingers when I just now tried it on a
telephone-style keypad (as they used in that system).

Don't worry, that account (and system) is long dead...there is no
money in it any longer.  My PIN choice does date the system rather
closely, however.  (And with an appropriately cypherpunk-paranoid type
connection, I might add.)

And in retrospect, my choice of a PIN was not *so* bad considering how
thin the whole system was...well, OK, it was pretty weak.

Anyone know what obscurity was in that box?


-kb, the Kent who sometimes feels like an oldtimer


--
Kent Borg                                                  +1 (617) 776-6899
kentborg@world.std.com                                
kentborg@aol.com                                      
          Proud to claim 31:15 hours of TV viewing so far in 1994!




