Path: utzoo!utgpu!watmath!clyde!bellcore!rutgers!deimos!uxc!uwmcsd1!marque!uunet!munnari!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on)
Message-ID: <855@levels.sait.edu.au>
Date: 3 Dec 88 14:35:59 GMT
References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com> <32305@think.UUCP> <3057@ingr.UUCP>
Organization: Sth Australian Inst of Technology
Lines: 22

In article <3057@ingr.UUCP>, crossgl@ingr.UUCP (Gordon Cross) writes:
> As I understand it, the only thing encoded on the card itself is the card
> number (the UNIX equivalent of a user name).  The card holder must supply
> his secret number which the ATM forwards (along with the card number) to the
> bank's central computer for verification.  Presumably this information is
> encrypted to prevent someone from tapping the transmission...

It is not possible for ATMs to be on-line *all* the time.  There are many
reasons for this, one of which is, I believe, scheduled downtime.  However,
even when the ATM is off-line, it still functions (although some functions,
account balance enquiry for example, are unavailable).

From this I conclude that the PIN can be verified from information recorded
on the card.  I guess that *my* PIN is encrypted, and stored on the card,
although mileage may vary from bank to bank.

One hopes that the encryption mechanism used is kept secret.

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095