[Gllug] natwest fantasticness

Doug Winter doug at pigeonhold.com
Tue Apr 6 10:43:49 UTC 2004


On Tue 06 Apr Robert McKay wrote:
> Perhaps they could use automatic signature recognition. That might be
> much more secure than a pin number (that can easilly be stolen by a
> shopkeeper with a modified pinbad -- or just by someone looking over

Automatic signature recognition eh?  

Well I hope it's better than all the other automatic biometric systems
I've ever come across, because they all suck.

> Also I suspect that the hash of the pin may still be stored on the
> magnetic strip meaning you could trivially swipe a stolen card through
> a magstrip reader, get the hash and then brute-force it on a PC in a
> couple of minutes.
> 
> If that is indeed the case then I'd say the new system is materially
> less secure than the old one.

Yeah, all those bag snatchers are well equipped with magstripe readers
and PCs.  As opposed to eyes, which is all that's required to get the
signature off the back of a card!

doug.

-- 
   http://adju.st   | Here's something to think about: 
6973E2CF: 2C95 66AD | How come you never see a headline like 
1596 37D2 41FC 609F | 'Psychic Wins Lottery'?
76C0 A4EC 6973 E2CF |    -- Jay Leno
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list