From: Ulrich Kuehn <kuehn@ESCHER.UNI-MUENSTER.DE>
Date: Wed, 8 Jan 1997 02:36:41 -0800 (PST)
To: Liz Taylor <liz@nym.alias.net>
Subject: Re: The Upcoming DES Challenge
In-Reply-To: <19970107230955.978.qmail@anon.lcs.mit.edu>
Message-ID: <199701081028.LAA23370@nirvana.uni-muenster.de>
MIME-Version: 1.0
Content-Type: text/plain


Liz Taylor writes:
 > There is nothing unglamorous about a known plaintext attack, if the
 > plaintext is choosen carefully. I don't know anything about bank ATMs
 > and the protocols they use, but I presume the PIN is stored on the card
 > single DES encrypted. If this is so, anyone can take an ATM card, attack it
 > to recover the key and then use that key to recover the PIN for any stolen
 > ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext
 > pair that RSA announces will be a real target like this, with the actual key
 > disabled. Once the key is recovered, the press can then claim that ATM
 > cards are not safe any longer.
 >
As far as I know, here in Germany (maybe also somewhere else) there is
not the pin stored on the card. Instead, it is regenerated by the ATM
every time using a secret key of the bank. In order to be able to
use the ATM card even with ATMs of different banks, there are offsets
stored on the card that relate to some commonly used pool keys.

Ciao,
Ulrich

-- 
Ulrich Kuehn ------ kuehn@math.uni-muenster.de
        http://wwwmath.uni-muenster.de/~kuehn/