[3403] in cryptography@c2.net mail archive
Re: German court: DES is no good
daemon@ATHENA.MIT.EDU (Andreas Bogk)
Thu Oct 1 11:46:39 1998
Date: Thu, 1 Oct 1998 15:28:22 +0200
From: Andreas Bogk <ich@andreas.org>
To: cryptography@c2.net
In-Reply-To: <8667e5u6ec.fsf@strangepork.interhack.net>; from Matt Curtin on Wed, Sep 30, 1998 at 08:33:31AM -0400
On Wed, Sep 30, 1998 at 08:33:31AM -0400, Matt Curtin wrote:

> However, if it's as it is in the US, the number of possible PINs is
> only 10^4, which is significantly easier to brute-force than the
> one of 2^56 possible DES keys used for generation of the PIN in the
> first place.

But you'll need a way to determine which of the 10^4 PINs is the correct one,
and for that you need the DES key.

> The (lack of) strength of DES is completely irrelevant here.

It's not. Breaking DES is a way of breaking the EC card system, and it costs
far less money than the EC card customers lost due to fraud.

Of course there are other ways to break the system, including extraction
of the keys from the tamper-resistant modules of the ATMs. But that's at
least as hard.

Andreas
--
Gwydion Dylan Development -> http://www.randomhacks.com/dylan
"We're fully buzzword-compliant."