Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
ATM keypads get a security boost
Kevin Poulsen, SecurityFocus 2004-07-20

Credit card companies are responding to a host of high and low-tech attacks on the sanctity of your ATM code.

Comments Mode:
Where does the PED get the key? 2004-07-20
Anonymous (3 replies)
The encryption key used for 3DES to encrypt the pin must not be known to the rest of the ATM. So does the PED create a secure and authenticated channel with the Bank and then transmit the encrypted pin? If so, how does it form this channel and thus choose the key? Is there a PKI involved, or are ...

[ more ]  [ reply ]
Where does the PED get the key? 2004-07-21
Anonymous (1 replies)
PED uses master and session keys which are feed from a HSM.

check out the thalus HSM....

[ more ]  [ reply ]
Where does the PED get the key? 2004-07-23
Eduardo Ventura - Redecard
Actually, not always from HSMs, normally they have internal virtual slots located in the criptograph of the terminal.

If you have any doubt, I am available.

Rgs

Eduardo Ventura

(eduardo.ventura (at) redecard.com (dot) br [email concealed])...

[ more ]  [ reply ]
Where does the PED get the key? 2004-07-21
Anonymous
The key is built into the hardware PED. ...

[ more ]  [ reply ]
Where does the PED get the key? 2004-07-22
Anonymous
the kEy can be entered manually, or across the network (there are some key management software for ATMS). the key is stored on the ped. the key is created by the network operator, using software, a game of bingo (have seen that!!) or any other way they may consider aproppiate.

...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-21
Anonymous (1 replies)
but ofcourse it won't help.... pin codes are stolen through various methods which usually don't require breakin any code.......

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-22
Anonymous
which doesn't been they have to do anything in their power to minimize the chance of having the code/card combination obtained from the ATM. As I heard recently, there is no patch for human stupidity. Giving out your pin-code to anybody who asks for it, not keeping track of your card and not watchin...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-21
Anonymous (1 replies)
Why are atm pin codes still 4 numeric digits?...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-28
Anonymous
One word - people. Any longer and you spend forever fishing cards out the machine !...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-22
Anonymous (1 replies)
No one could ever brute force crack a 4 digit pin, I don't care what encryption method was used.. er.. other than maybe something public private key based =p...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-26
Anonymous
are you nuts? There is only 9999 possible combinations, brute forcing would take seconds with the right equipment...

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-26
Anonymous (3 replies)
IMO, and I am no expert, the key is on the card itself and you must enter on the pad the PIN and the machine hashes it with DES and matches it to the hash on your card....

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-27
Anonymous
the key is definitely not on the card. i can call my bank and have them change my pin for me and they never ask for my card. all the card has is the bank routing number and your account number. the pin you enter is matched to that in the banks database....

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-27
Anonymous
The how does my card know when I change my PIN at the bank? They don't re-encode my card.......

[ more ]  [ reply ]
ATM keypads get a security boost 2004-07-28
Anonymous
someones been reading old copies of theHAQ or something similar :)...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus