[3400] in cryptography@c2.net mail archive
Re: German court: DES is no good
daemon@ATHENA.MIT.EDU (Ulf =?iso-8859-1?Q?M=F6ller?=)
Wed Sep 30 19:42:16 1998
Date: Thu, 1 Oct 98 00:42 +0200
From: ulf@fitug.de (Ulf =?iso-8859-1?Q?M=F6ller?=)
To: cmcurtin@interhack.net
In-Reply-To: <8667e5u6ec.fsf@strangepork.interhack.net>
Cc: Robert Hettinga <rah@shipwright.com>, cryptography@c2.net
>However, if it's as it is in the US, the number of possible PINS is
>only 10^4, which is significantly more easy to brute-force than the
>one of 2^56 possible DES keys used for generation of the PIN in the
>first place.
>
>The (lack of) strength of DES is completely irrelevant here.
I don't know what sort of brute force attack you have in mind, but
when entering a PIN into an ATM you have only three attempts.
On the other hand, once you have the DES key, you can compute the PIN
for any EC card just using a card reader and a DES implementation.
