[Gllug] [ot] borked net transaction

Matthew Thompson matt.thompson at actuality.co.uk
Sat May 7 09:31:45 UTC 2005


> Err, no.  If it were trivial to discover then there would be absolutely no
> point in chip and pin cards at all.
>
> The point is, the card may know what the PIN is but it has no option to
> allow the PIN to be read.  All it will allow is for a proposed PIN to be
> checked.  The banks may not be perfect but they're not stupid.
>
> There are lots of potential problems with chip and PIN cards but this - at
> the current levels of technology - isn't one of them.

Agreed - I don't believe that the chip and pin cards contain the pin  
at all - I think that they contain a public key based signature which  
can be used to verify the PIN offline.

Visa are currently using either 1024-bit or 1152-bit key lengths, the
smaller of which will be withdrawn at the end of 2009, and POS
terminals are meant to be capable of 1984-bit key length transactions.

There's some decent information at
http://www.chipandpin.co.uk/info/reference.html

M at t :O)
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



