Password Difficulties
Kent Borg
kentborg at world.std.com
Tue Jul 5 19:24:22 PDT 1994
karn at qualcomm.com writes:
>There's a difference: as far as I know, ATM PINs can't be cracked
That would make a difference, but how trustworthy is that fact?
Nostalgia time:
The first cash card I ever had was crackable. When I opened the
account at Minnesota Federal the teller passed me this out-sized
calculator, I punched in my chosen (6-digit) PIN, she punched in their
(presumed) salt, and she recorded the 5 or 6 digit number the machine
produced (I forget that detail).
Boy was I intrigued! I asked my math-major big sister how one could
figure out what someone's PIN was given the output it gave them. She
didn't know enough about cryptography to give me an interesting
answer, she simply pointed out that it need not be a linear
function...
The encrypted number was embossed on my card. I could walk up to the
various small terminals scattered in places like grocery stores, tell
it I wanted $5, get the chit it printed, bring it to a cashier, and
get the money.
I am glad I am a pack-rat, someplace I have the old card and all the
receipts, I wonder where that number showed up, etc. Will have to
poke around...
Ob-Password-Item: The PIN I chose? The frail "266367"; amazing how
easily it came back to my fingers when I just now tried it on a
telephone-style keypad (as they used in that system).
Don't worry, that account (and system) is long dead...there is no
money in it any longer. My PIN choice does date the system rather
closely, however. (And with an appropriately cypherpunk-paranoid type
connection, I might add.)
And in retrospect, my choice of a PIN was not *so* bad considering how
thin the whole system was...well, OK, it was pretty weak.
Anyone know what obscurity was in that box?
-kb, the Kent who sometimes feels like an oldtimer
--
Kent Borg +1 (617) 776-6899
kentborg at world.std.com
kentborg at aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!
More information about the cypherpunks-legacy
mailing list