[3397] in cryptography@c2.net mail archive
Re: German court: DES is no good
daemon@ATHENA.MIT.EDU (Matt Curtin)
Wed Sep 30 16:35:03 1998
To: Robert Hettinga <rah@shipwright.com>
Cc: cryptography@c2.net
From: Matt Curtin <cmcurtin@interhack.net>
Date: 30 Sep 1998 08:33:31 -0400
In-Reply-To: Robert Hettinga's message of "Thu, 24 Sep 1998 15:14:31 -0400"
Robert Hettinga <rah@shipwright.com> writes:
> The bank argued that the PIN can only be cracked with the use of the
> bank's own DES key, not with the information on the card - and
> assumed it would be impossible as there would be 70 billion
> different possibilities using the 56-bit algorithms."
Unfortunately, I didn't see any reference to the length of the PIN.
However, if it's as it is in the US, the number of possible PINS is
only 10^4, which is significantly more easy to brute-force than the
one of 2^56 possible DES keys used for generation of the PIN in the
first place.
The (lack of) strength of DES is completely irrelevant here.
--
Matt Curtin cmcurtin@interhack.net http://www.interhack.net/people/cmcurtin/
