[Gllug] OT - chip & pin
Nix
nix at esperi.org.uk
Mon Apr 3 19:17:19 UTC 2006
On Mon, 3 Apr 2006, t. clarke stipulated:
> surely the PIN is *not* stored on the card !
No, but the *pin you typed in* could be monitored.
> although difficult to 'read' the contents of the cards non-volatile memory
> it must be possible?
It's trivial, but as only an offset from the PIN is stored on the card,
reading it wouldn't help them.
> surely the card either stores the pin encypted in some fancy way, or a
> non-reversible 'digest' ??
Neither, it's much simpler than that :)
--
`Come now, you should know that whenever you plan the duration of your
unplanned downtime, you should add in padding for random management
freakouts.'
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list