Re: Why is 3DES favoured over AES?



Am 21.05.2011 06:52, schrieb Will Janoschka:

The current block size for payment cards is 2^13 (4 digets)
The simplest break for a PIN is to try all of them. Banks provide
no detection for this. even with the key being unique for each
transaction.

You are right; for payment cards that's a more serious security issue.
But then the fact that the financial people have in a document a few
years ago specified the use of 3DES presumably means that national
and international transfers (of big sums) between banks are also to
be done with 3DES. In that case it would however be questionable why
at least that is not done with AES, since that migration shouldn't
incur costs and other problems of a magnitude comparable to a migration
with respect to the payment cards. Could someone knowledgeable say
a bit about that? Thanks.

M. K. Shen
.



Relevant Pages

  • Re: Chip & Pin Fraud
    ... going on as long as banks have been around. ... govern your use of your Chip and PIN card? ... Banks must prove the authenticity of their customers' handwritten ...
    (uk.finance)
  • Re: HELP, Vulnerability in Debit PIN Encryption security, possibly
    ... not the case where PIN encryption had to be ... derived from the card number because the card PIN was checked at the ... do indeed do a better job of encrypting PINs than the banks do (because it's ... If a PIN entry device was known to be ...
    (sci.crypt)
  • Re: Password Protection et al- An Idealised Scheme.
    ... banks would not let other banks know their PIN validation ... be checked locally by each ATM. ... And PIN revocation lists. ... And account limits - the banks cannot legitimately refuse to dispense money when people have it in their account, but for many customers they do not want to pay out unless they do have money in their account. ...
    (sci.crypt)
  • Re: OT: warning about using Debit cards at stores
    ... massive publicity to get your money back. ... all your fault and the PIN must have been written on the card. ... Not true even if you have to give up your pin code: ... the banks would summarily deny "my card was stolen" ...
    (sci.electronics.design)
  • Re: [fw-wiz] strong passwords (was Radius/MS ISA stuff)
    ... > forced to change this PIN code... ... token, ATM card), and something you know. ... multi-factor authentication mechanisms. ... most banks apply a three-strikes rule. ...
    (Firewall-Wizards)