From: Mixmaster <mixmaster@remail.obscura.com>
Date: Wed, 24 Jul 1996 18:46:34 +0800
To: aba@atlas.ex.ac.uk
Subject: Re: DES brute force? (was: Re: Borders *are* transparent)
Message-ID: <199607240410.VAA04257@sirius.infonex.com>
MIME-Version: 1.0
Content-Type: text/plain


>What DES modes are used in typical banking situations?  (I am
>presuming a challenge involving a widely used banking funds transfer
>protocol would be a suitably juicy targets, based on a criteria of
>demonstrating the greatest financial risk).

The problem with banking applications is that cracking a real key
causes lots of real damage.  I don't think it is illegal (as long
as you don't withdraw somebody else's money), but publishing e.g.
one of the DES keys used for the "EC Card" PIN verification would
bring the European ATM system close to collapse.  Finding a self-
generated key, on the other hand, is not very impressive.