[Gllug] natwest fantasticness
Mike Brodbelt
mike at coruscant.demon.co.uk
Sat Apr 24 23:46:55 UTC 2004
On Fri, 2004-04-09 at 22:27, Nix wrote:
> On Wed, 07 Apr 2004, Tethys moaned:
> > This new PIN
> > offset is written to the card via a magstripe writer in the ATM.
>
> I think they keep the offset on the card the same, and update the
> thing it offsets from in the bank's systems
I read somewhere (I think in one of Ross Anderson's papers, but I'm not
sure) that the PIN was the result of encrypting the account number using
a secret key held by the bank. The output was then mapped to a 4 digit
decimal number using a trivial scheme, and that became the initial PIN.
PIN changes were dealt with by storing an offset on the card magstripe,
and the ATM would read this, and compute the "real" PIN based on what
was entered by the user, and the offset. This was the number then sent
down the wire...
> (In fact, they must do it that way, or your PIN would autoreset
> whenever you got your card renewed.)
I think the above means the PIN only changes when you get a new accounr
number. With debit cards at least, the card number != account number, so
the PIN doesn't reset.
Mike.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list