1997-01-07 - Re: The Upcoming DES Challenge

Header Data

From: sameer <sameer@c2.net>
To: liz@nym.alias.net (Liz Taylor)
Message Hash: 87cd36666683f8b444fd143dbb6989cd5713a0891b194f085a6bf67b71212374
Message ID: <199701080002.QAA07748@gabber.c2.net>
Reply To: <19970107230955.978.qmail@anon.lcs.mit.edu>
UTC Datetime: 1997-01-07 23:42:06 UTC
Raw Date: Tue, 7 Jan 1997 15:42:06 -0800 (PST)

Raw message

From: sameer <sameer@c2.net>
Date: Tue, 7 Jan 1997 15:42:06 -0800 (PST)
To: liz@nym.alias.net (Liz Taylor)
Subject: Re: The Upcoming DES Challenge
In-Reply-To: <19970107230955.978.qmail@anon.lcs.mit.edu>
Message-ID: <199701080002.QAA07748@gabber.c2.net>
MIME-Version: 1.0
Content-Type: text/plain


> There is nothing unglamorous about a known plaintext attack, if the
> plaintext is choosen carefully. I don't know anything about bank ATMs
> and the protocols they use, but I presume the PIN is stored on the card
> single DES encrypted. If this is so, anyone can take an ATM card, attack it
> to recover the key and then use that key to recover the PIN for any stolen
> ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext
> pair that RSA announces will be a real target like this, with the actual key
> disabled. Once the key is recovered, the press can then claim that ATM
> cards are not safe any longer.

	Stolen ATM cards are actually not that valuable. They have
fixed limits and require physical presence to exploit. Try
swift/forex/etc. secret des keys.. those are valuable.

-- 
Sameer Parekh					Voice:   510-986-8770
President					FAX:     510-986-8777
C2Net 		    C2Net is having a party: http://www.c2.net/party/
http://www.c2.net/				sameer@c2.net





Thread