[Gllug] natwest fantasticness
Robert McKay
robert at mckay.com
Tue Apr 6 11:19:38 UTC 2004
> > > Its like this new Chip and Pin. If thats more secure than a personal
> > > thing like a signiture then I'm not a computer programmer. In this age
> > > where we think seriously of using a 128 bit encription the creditcard
> > > company go and use a 10bit key! Rather than a much large key that they
> > > were using before ie somones signiture.
> >
> > Really? How often does anybody check your signature? One time in 50 if
> > you're lucky.
>
> Too right. *ANYTHING* is more secure than a signature.
>
> doug.
Perhaps they could use automatic signature recognition. That might be
much more secure than a pin number (that can easilly be stolen by a
shopkeeper with a modified pinbad -- or just by someone looking over
your shoulder) and would at least leave an audit trail that could be
examined in the event of fraud. Also I suspect that the hash of the pin
may still be stored on the magnetic strip meaning you could trivially
swipe a stolen card through a magstrip reader, get the hash and then
brute-force it on a PC in a couple of minutes.
If that is indeed the case then I'd say the new system is materially
less secure than the old one.
-Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040406/eba40cab/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list