Path: utzoo!utgpu!watmath!clyde!att!rutgers!tut.cis.ohio-state.edu!unmvax!ncar!noao!asuvax!anasaz!john
From: john@anasaz.UUCP (John Moore)
Newsgroups: comp.unix.wizards
Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on)
Message-ID: <1483@anasaz.UUCP>
Date: 1 Dec 88 04:10:20 GMT
References: <438@amanue.UUCP> <10900@ulysses.homer.nj.att.com> <32305@think.UUCP>
Reply-To: john@anasaz.UUCP (John Moore)
Organization: Anasazi Inc, Phoenix AZ
Lines: 29

In article <32305@think.UUCP> barmar@kulla.think.com.UUCP (Barry Margolin) writes:
]In article <10900@ulysses.homer.nj.att.com> ekrell@hector.UUCP (Eduardo Krell) writes:
]>In article <438@amanue.UUCP> jr@amanue.UUCP (Jim Rosenberg) writes:
][ATM passwords are 4 digits]
]>I don't know about your bank, but mine will take away your card if you
]>enter the wrong PIN something like 3 or 5 times in a row (the ATM will
]>eat the card).
]
]Even without this, there are other safeguards. First and foremost,
]the perpetrator needs your card. Of course, if he has your card he
]doesn't really need to guess your password, since it is encoded on the
]card, so if he knows what he is doing he can simply change it. If he
]doesn't have your card, but has instead manufactured a forged card, he
]doesn't need your password since he can put whatever password he wants
]on it.

The password is stored on the card encrypted with DES. If you don't know
the key, you can't write a password onto the card AND know what it is.

]
]you would have to stand there typing in passwords. If you could enter
]a password every second it could take three hours to find a password.
]If the ATM spits out the card after a couple of bad passwords (as I
]think mine does) this could slow you down by an order of magnitude.

Often the ATM will eat the card if it detects a possible security
violation (more than 3 tries at a PIN, etc)
--
John Moore (NJ7E) {decvax, ncar, ihnp4}!noao!nud!anasaz!john
(602) 861-7607 (day or eve) {gatech, ames, rutgers}!ncar!...
The opinions expressed here are obviously not mine, so they must be someone else's. :-)