There is nothing unglamorous about a known plaintext attack, if the plaintext is choosen carefully. I don't know anything about bank ATMs and the protocols they use, but I presume the PIN is stored on the card single DES encrypted. If this is so, anyone can take an ATM card, attack it to recover the key and then use that key to recover the PIN for any stolen ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext pair that RSA announces will be a real target like this, with the actual key disabled. Once the key is recovered, the press can then claim that ATM cards are not safe any longer. On a related note, do you think the key will first be recovered by a hardware device or by the Great Internet DES Key Search? Hardware is much faster, but no such device exists in the private/amateur sector now. Estimates are that it will take 10 months to actually build such a device. Opinions?