The wisdom of the ill informed

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Jul 1 08:01:51 EDT 2008


Ed Gerck <edgerck at nma.com> writes:
>dan at geer.org wrote:
>> So I hold the PIN constant and vary the bank account number.
>
>This is, indeed, a possible attack considering that the same IP may be
>legitimately used by different users behind NAT firewalls and/or with dynamic
>IPs. However, there are a number of reasons, and evidence, why this attack
>can be (and has been) prevented even for a short PIN:

It's a pity that Kjell Hole et al didn't know this was impossible when they
mounted exactly this attack against the Norwegian banking system :-).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


