needs the plaintext from which the PIN is calculated; it cannot be calculated
from the card data alone, and (hopefully customer-specific) secrets can be mixed
in. This is actually done, as a banker told me. Moreover, our cards can be used
at ATMs abroad. Do they all have online connections to our country?
Remedies
The current PIN method appears theoretically secure enough, but vulnerable in
practice. If break-ins into the system increase faster in the coming years than
Figure 6.10 shows, then banks should consider migrating to more reliable
methods. This won't be cheap; we won't like paying for it indirectly, but it
will be necessary.
The first step towards improvement was made in 1998 when the key length
was extended. Whether or not it would have been cheaper to use the whitening
method described in Section 5.2.3 is hard to say. If there were doubts about
Triple-DES, then migrating to whitening would still have been possible: one bit
on the card could tell the ATM whether or not whitening should be activated.
In addition to other cryptographic modifications, all ATM cards and credit cards
will be chip cards in the future. This is desirable for at least one reason: they
would be more robust. Not without reason do some banks read magnetic cards several
times and compare the results. Security also increases: the
article mentioned earlier [AndKuhn.tamp] describes clearly that chip cards are
not a secure hiding place for keys, but protected chips can no longer be read out
without destroying the chip. This represents a considerable barrier for attackers;
bank chip cards can't be bought at the store round the corner.
Details on PIN generation, including literature references, can be found in the
pin.txt and wcf.txt files on our Web site.
6.6.9 Biometric Methods
You have seen how many problems PINs, passwords, and passphrases can
cause, and there will be more examples. Bad passwords and PINs written
down in plain view are security problems that should not be underestimated; they
grow as the number of chip cards, magnetic cards, and logins on various
computers rises. And to date, I don't see any improvement in software, even though
it could easily reject bad passwords, for example. So what next?
One intuitive way out of this dilemma is biometrics. How intensely this field
is being researched can be observed at trade fairs, like the CeBIT: the number