[Gllug] OT - chip & pin

Benedikt Heinen gllug at ml.icemark.net
Mon Apr 3 13:49:06 UTC 2006


> I will accept it if the card is plugged into the numeric keypad, I am 
> much more reluctant to do so if my PIN has to travel down a wire into a 
> till.

But - if you plug the card into the keyboard, does that "prove" that the 
PIN doesn't go down the wire?  That would only make sense if the keyboard 
itself was tamper-proof and sealed by a reputed manufacturer. Since that 
isn't the (*obvious*) case, I might think it just as likely that the 
keyboard, PIN display and card adapter are nothing more than a dumb 
terminal and will relay information back and forth to the processing unit 
outside.  (This might actually make sense from the manufacturer's point of 
view - since everyone can take the keyboard and everything into their own 
hands and potentially even drop it, the less processing logic there is 
built into the keyboard, the less there is to be replaced/repaired if some 
dolt breaks it.)


>> Now whether it was actually implemented this way I don't know - perhaps
>> they removed this intelligence to save money, but if they did it rather
>> defeats the point of Chip and Pin.

It wouldn't *defeat* the purpose, but it would, at least, introduce more 
possible points of attack...



     Benedikt

   ALLIANCE, n.  In international politics, the union of two thieves who
     have their hands so deeply inserted in each other's pockets that
     they cannot separately plunder a third.
 			(Ambrose Bierce, The Devil's Dictionary)
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug



