From: Steve Schear <azur@netcom.com>
Date: Fri, 27 Jun 1997 09:30:37 +0800
To: Adam Back <trei@process.com
Subject: ATMs a better target (was: breaking RSA in hardware)
In-Reply-To: <199706251502.QAA24075@hermes>
Message-ID: <v03102802afd8c2f7046e@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain



At 10:51 PM +0100 6/26/97, Adam Back wrote:
>Peter Trei <trei@process.com> writes:
>> > [DES breaking]
>>
>> [useful stats]
>Perhaps it would be interesting to look at the economics of a well
>funded attacker breaking a 512 bit RSA key.  If we asume that they
>would do it in software, and had to buy the machines, would you be
>better to buy fewer workstations with 128Mb or lots with 16Mb.  Factor
>of 17 speed up using GNFS acording to your estimates of DES, and
>Lenstra's for GNFS RSA.
>
>So perhaps we're looking at motherboard $100, cpu $100, PSU+case $100
>+ 16Mb RAM $100 = $400.  The same, but with 128Mb $1100.
>
>So that's a 1100 / 400 = 2.75 ratio.  Clearly buying the larger memory
>PCs is the way to go.
>
>Overall GNFS is 6x cheaper it would appear.
>
>However, really the interesting question is how much would it cost to
>break RSA in hardware.  How expensive would it be to build a custom
>hardware machine to break RSA.  What building blocks would be needed.
>How much memory.  What would be the most efficient approach.
>

Seems that unless future crypto breaks compromise something everybody can
appreciate, they be little lasting PR value.

Colin Plumb, colin@nyx.net, said

>I don't know if everyone is aware, but all of the ATM cards floating
aroud use DES to protect the PIN.  With ine key sealed in tamper-proof.
Wouldn't *that* be a fun key to have?

>The details are published somehwere.  Basically, you encrypt some card
info to get a 16-character hex string.  Some 4 nybbles of that, reduced
mod 10 (so 0-5 are more likely than 6-9) are the "master PIN".

>An offset from this (added per-digit, mod 10) is stored in clear on the card
to allow programmable PINs.  But most cards ship with the offset set
to 0 and the default PIN is the master PIN.

>You just need a few people with closed accounts to volunteer their
ATM cards to mag stripe readers.  The work would be somewhat greater
since you need to do multiple decryptions to get a full validation;
you'd need to do weed out the impossible in stages.

>I'm not sure if the fraud possibilities (it lets you recover the
PINs from stolen ATM cards) are worth it, but it would sure raise
a ruckus...
--
>	-Colin

The crack project should publish all schematics and source prior to the
project start and the key server should definitely be offshore, since US
regulatory agencies might step in to prevent the experiment from reaching
its conclusion.

I think one of the list's lawyers should investigate the legal risks to the
participants.  I have an account I'm willing to donate for the experiment.

--Steve


PGP mail preferred
Fingerprint: FE 90 1A 95 9D EA 8D 61  81 2E CC A9 A4 4A FB A9
---------------------------------------------------------------------
Steve Schear              | tel: (702) 658-2654
CEO                       | fax: (702) 658-2673
First ECache Corporation  |
7075 West Gowan Road      |
Suite 2148                |
Las Vegas, NV 89129       | Internet: azur@netcom.com
---------------------------------------------------------------------

        I know not what instruments others may use,
        but as for me, give me Ecache or give me debt.

        SHOW ME THE DIGITS!