There is nothing unglamorous about a known plaintext attack, if the plaintext is choosen carefully. I don't know anything about bank ATMs and the protocols they use, but I presume the PIN is stored on the card single DES encrypted. If this is so, anyone can take an ATM card, attack it to recover the key and then use that key to recover the PIN for any stolen ATM card of that bank (or that branch). Hopefully, the ciphertext/plaintext pair that RSA announces will be a real target like this, with the actual key disabled. Once the key is recovered, the press can then claim that ATM cards are not safe any longer.

Stolen ATM cards are actually not that valuable. They have fixed limits and require physical presence to exploit. Try swift/forex/etc. secret des keys.. those are valuable. -- Sameer Parekh Voice: 510-986-8770 President FAX: 510-986-8777 C2Net C2Net is having a party: http://www.c2.net/party/ http://www.c2.net/ sameer@c2.net