Re: the official end of DES (not triple DES) is announced
From: Bodo Moeller (moeller_at_cdc.informatik.tu-darmstadt.de)
Date: 07/28/04
- In reply to: Bill Unruh: "Re: the official end of DES (not triple DES) is announced"
Date: Wed, 28 Jul 2004 05:36:20 +0000 (UTC)

Bill Unruh <unruh@string.physics.ubc.ca>:

>> As a sample of
>> the private sector in the US, http://www.atmmachine.com/3DES.htm tells
>> us that ATMs supporting only single-DES for protecting data such as
>> customer PINs can remain in operation until December 31, 2005 in
>> various networks (for MasterCard, it's April 1, 2005; for Visa, it's
>> "not defined").

> Since the customer PIN is only 4 digits, almost anything is stronger than
> the PIN anyway.

You can find a 56-bit DES key through a passive brute-force search
attack (thus exposing any secret transmitted over the DES-protected
link), but you can't easily use brute-force search to find a PIN that
can only be verified online.

It is true that four-digit PINs are arguably much too weak: consider
ATM/credit cards as free lottery tickets for patient pick-pockets
where one in 3333 wins. But using weak encryption clearly does make
things even worse.