Cryptography Reference
In-Depth Information
How Secure is the PIN?
From the cryptological viewpoint, the PIN is pretty secure. There is no mean-
ingful chance for brute force at the ATM: for some reason or other, no PIN
was to begin with a zero up to the end of 1997 (probably because they thought
customers wouldn't type it); but that still leaves 9000 possible values. The
chances are 1 to 3000 that money can be made with stolen ATM cards. That's
not rewarding. If only every 3000th attempt succeeds, then the statistical profit
per card is only 1/3000 of the amount maximally achievable. To make sure the
impostor makes some profit from his undertakings on average, the statistically
minimum earnings should be 24 dollars to cover the cost for the carnival mask
mentioned above, even in one single theft, i.e., a thief would have to make
more than 24
∗
3000
=
72 000 dollars per guessed PIN. With
this
sort of calcu-
lation, the mask manufacturer might subsidize the banks' loss even at a ratio
of five to ten cards per thief. (Unfortunately, there are more effective methods,
including cryptanalytical methods.)
Otherwise, there is a good reason why the PIN is created from the cipher.
Compare this method with the verification of UNIX passwords (Section 3.3)
where the password is part of the key. Here, this is out of the question, because
the PIN is limited to four digits, and brute force would be a kid's game. Based
on current knowledge, the PIN can only be recovered by brute force. If you
hear to the contrary, don't believe it. Whoever publicly claims to be able to
calculate the PIN without brute force (i.e., on a conventional PC, for example)
would have to exploit a DES vulnerability. As it happens, the most capable
cryptologists in the world (in the publicly accessible area) have not found it in
twenty years.
Consequently, the entire system's security depends on keeping the four DES
keys secret. If you know the PIN key you can
calculate
the PIN. This means
that any ATM card or credit card turns into a gold mine, and based on the
current legal situation (which will hopefully change), banks even blame their
defrauded customers.
But brute force is no longer impossible, as the special
Deep Crack
and
Copa-
cobana
computers introduced in Section 4.4.1 showed. Most ATM cards get
stolen abroad (where the ATMs work offline with our cards). Whether or not
the thieves owned a DES crack machine might never transpire.
On the other hand, you need to know the PIN of four or five ATM cards to
mount this brute-force attack, because one PIN alone isn't enough to reveal the
PIN key. This is not a barrier for organized crime syndicates.
