[1083] in cryptography@c2.net mail archive
[Fwd: Re: Thoughts on the next target.]
daemon@ATHENA.MIT.EDU (Scott Baker)
Tue Jun 24 20:24:46 1997
Date: Tue, 24 Jun 1997 19:04:02 -0700
From: Scott Baker <baker@ohcu.org>
Reply-To: baker@ohcu.org
To: cryptography@c2.net
Message-ID: <33B07C66.9B6@ohcu.org>
Date: Tue, 24 Jun 1997 19:03:19 -0700
From: Scott Baker <baker@ohcu.org>
Reply-To: baker@ohcu.org
X-Mailer: Mozilla 3.01 (Win16; U)
MIME-Version: 1.0
To: Colin Plumb <colin@nyx.net>
Subject: Re: Thoughts on the next target.
References: <9706242031.AA13993@nyx.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Colin Plumb wrote:
>
> I don't know if everyone is aware, but all of the ATM cards floating
> around use DES to protect the PIN. With one key sealed in tamper-proof.
> Wouldn't *that* be a fun key to have?
>
Problem is getting the key.
> An offset from this (added per-digit, mod 10) is stored in clear on the card
> to allow programmable PINs. But most cards ship with the offset set
> to 0 and the default PIN is the master PIN.
>
Not so. Most cards are actually encoded with their PIN. Only a handful
of large banks offer programmable PINs, most are coded when the card is
pressed.
> You just need a few people with closed accounts to volunteer their
> ATM cards to mag stripe readers. The work would be somewhat greater
> since you need to do multiple decryptions to get a full validation;
> you'd need to weed out the impossible in stages.
>
Uhhh, no. Most institutions have several keys that they use, many have
over 100.
> I'm not sure if the fraud possibilities (it lets you recover the
> PINs from stolen ATM cards) are worth it, but it would sure raise
> a ruckus...
> --
> -Colin
If you're caught, you'd spend a nice long time in prison. Let me just
remind you, EVERY financial institution in the country, and the Federal
Reserve, has a vested interest in making sure this type of thing doesn't
happen, someone tries it and gets caught, and you can kiss them bye bye.
______________________________
Scott Baker
Old Hickory Credit Union
baker@ohcu.org