Path: utzoo!utgpu!watmath!clyde!bellcore!rutgers!deimos!uxc!uwmcsd1!marque!uunet!munnari!mimir!hugin!augean!sirius!eco!nt!levels!ccdn
From: ccdn@levels.sait.edu.au (DAVID NEWALL)
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on)
Message-ID: <855@levels.sait.edu.au>
Date: 3 Dec 88 14:35:59 GMT
References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com> <32305@think.UUCP> <3057@ingr.UUCP>
Organization: Sth Australian Inst of Technology
Lines: 22

In article <3057@ingr.UUCP>, crossgl@ingr.UUCP (Gordon Cross) writes:
> As I understand it, the only thing encoded on the card itself is the card
> number (the UNIX equivalent of a user name). The card holder must supply
> his secret number which the ATM forwards (along with the card number) to the
> bank's central computer for verification. Presumably this information is
> encrypted to prevent someone from tapping the transmission...

It is not possible for ATMs to be on-line *all* the time. There are many
reasons for this, one of which is, I believe, scheduled downtime. However,
even when the ATM is off-line, it still functions (although some functions,
account balance enquiry for example, are unavailable).

From this I conclude that the PIN can be verified from information recorded
on the card. I guess that *my* PIN is encrypted, and stored on the card,
although mileage may vary from bank to bank.

One hopes that the encryption mechanism used is kept secret.

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn@levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095