17 Dec
2003
17 Dec
'03
11:17 p.m.
At 11:10 PM 1/7/97 -0000, Liz Taylor wrote:
I don't know anything about bank ATMs and the protocols they use, but I presume the PIN is stored on the card single DES encrypted. If this is so, anyone can take an ATM card, attack it to recover the key and then use that key to recover the PIN for any stolen ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext pair that RSA announces will be a real target like this, with the actual key disabled. Once the key is recovered, the press can then claim that ATM cards are not safe any longer.
Your self-assessment is admirably accurate, but the presumption is not.