Chip and PIN is Broken
in [Cryptography]
|
Prev: Another informative pronouncement from Smug Doug Gwyn
Next: Protecting 3x16 bits with 16 bits ? (Which error correcting code for mode 3?)
From: Jan Panteltje on 12 Feb 2010 10:05 Chip and PIN is Broken: http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf
From: Skybuck Flying on 12 Feb 2010 11:21 "Jan Panteltje" <pNaonStpealmtje(a)yahoo.com> wrote in message news:hl3qn3$hvu$1(a)news.albasani.net... > > Chip and PIN is Broken: > http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf So if I understand correctly from the picture/schematic: It needs a stolen PIN card ? Without a stolen PIN card the attack cannot happen ? So as long as I/we keep our PIN cards safe, our bank account is safe ? However I can see the danger here: "Scimmers" "stealing the magnetic strip" and "reproducing our cards". Bye, Skybuck.
From: unruh on 12 Feb 2010 13:21 On 2010-02-12, Jan Panteltje <pNaonStpealmtje(a)yahoo.com> wrote: > > Chip and PIN is Broken: > http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken.pdf Nice paper-- the usual Ross Anderson protection of the consumer piece. To summarize, they show that a stolen card for which the thief does not know the pin, can nevertheless be used to make purchases which claim to be verified by PIN. Ie, the pin is useless for protecting stolen cards.
From: Izak van Langevelde on 12 Feb 2010 19:03 In article <cc9ac$4b757fe0$d53371df$30642(a)cache6.tilbu1.nb.home.nl>, "Skybuck Flying" <IntoTheFuture(a)hotmail.com> wrote: > "Jan Panteltje" <pNaonStpealmtje(a)yahoo.com> wrote in message > news:hl3qn3$hvu$1(a)news.albasani.net... > > > > Chip and PIN is Broken: > > http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken. > > So if I understand correctly from the picture/schematic: > > It needs a stolen PIN card ? Without a stolen PIN card the attack cannot > happen ? EMV is nou ook weer niet zo lek dat je helemaal niets meer nodig hebt om te frauderen... > So as long as I/we keep our PIN cards safe, our bank account is safe ? > > However I can see the danger here: > > "Scimmers" "stealing the magnetic strip" and "reproducing our cards". EMV is weer wat anders dan een kaartje met magstripe... -- Grinnikend door het leven...
From: Richard Outerbridge on 12 Feb 2010 20:26
In article <slrnhnb71r.3rj.unruh(a)wormhole.physics.ubc.ca>, unruh <unruh(a)wormhole.physics.ubc.ca> wrote: > On 2010-02-12, Jan Panteltje <pNaonStpealmtje(a)yahoo.com> wrote: > > > > Chip and PIN is Broken: > > http://www.cl.cam.ac.uk/research/security/banking/nopin/oakland10chipbroken > > Nice paper-- the usual Ross Anderson protection of the consumer piece. > To summarize, they show that a stolen card for which the thief does not > know the pin, can nevertheless be used to make purchases which claim to > be verified by PIN. Ie, the pin is useless for protecting stolen cards. Under certain circumstances. The attack is more than a little remote. Their point is that it is entirely permitted by the somewhat malleable EMV specifications. outer |