Path: utzoo!utgpu!watmath!clyde!att!rutgers!tut.cis.ohio-state.edu!unmvax!ncar!noao!asuvax!anasaz!john
From: john@anasaz.UUCP (John Moore)
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on)
Message-ID: <1483@anasaz.UUCP>
Date: 1 Dec 88 04:10:20 GMT
References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com> <32305@think.UUCP>
Reply-To: john@anasaz.UUCP (John Moore)
Organization: Anasazi Inc, Phoenix AZ
Lines: 29

In article <32305@think.UUCP> barmar@kulla.think.com.UUCP (Barry Margolin) writes:
]In article <10900@ulysses.homer.nj.att.com> ekrell@hector.UUCP (Eduardo Krell) writes:
]>In article <438@amanue.UUCP> jr@amanue.UUCP (Jim Rosenberg) writes:
][ATM passwords are 4 digits]
]>I don't know about your bank, but mine will take away your card if you
]>enter the wrong PIN something like 3 or 5 times in a row (the ATM will
]>eat the card).
]
]Even without this, there are other safeguards.  First and foremost,
]the perpetrator needs your card.  Of course, if he has your card he
]doesn't really need to guess your password, since it is encoded on the
]card, so if he knows what he is doing he can simply change it.  If he
]doesn't have your card, but has instead manufactured a forged card, he
]doesn't need your password since he can put whatever password he wants
]on it.
The password is stored on the card encrypted with DES. If you don't know
the key, you can't write a password onto the card AND know what it is.
]
]you would have to stand there typing in passwords.  If you could enter
]a password every second it could take three hours to find a password.
]If the ATM spits out the card after a couple of bad passwords (as I
]think mine does) this could slow you down by an order of magnitude.
Often the ATM will eat the card if it detects a possible security
violation (more than 3 tries at a PIN, etc.).
-- 
John Moore (NJ7E)           {decvax, ncar, ihnp4}!noao!nud!anasaz!john
(602) 861-7607 (day or eve) {gatech, ames, rutgers}!ncar!...
The opinions expressed here are obviously not mine, so they must be
someone else's. :-)