The wisdom of the ill informed

Ed Gerck edgerck at nma.com
Mon Jun 30 14:30:44 EDT 2008


dan at geer.org wrote:
> Ed Gerck writes:
> -+--------------
>  | ...
>  | Not so fast. Bank PINs are usually just 4 numeric characters long and 
>  | yet they are considered /safe/ even for web access to the account 
>  | (where a physical card is not required).
>  | 
>  | Why? Because after 4 tries the access is blocked for your IP number 
>  | (in some cases after 3 tries).
>  | ...
> 
> 
> So I hold the PIN constant and vary the bank account number.

Dan,

This is, indeed, a possible attack considering that the same IP may be 
legitimately used by different users behind NAT firewalls and/or with 
dynamic IPs. However, there are a number of reasons, and evidence, why 
this attack can be (and has been) prevented even for a short PIN:

1. there is a much higher number of combinations in a 12-digit account 
number;

2. banks are able to selectively block IP numbers for the /same/ 
browser and /same/ PIN after 4 or 3 wrong attempts, with a small false 
detection probability for other users of the same IP (who are not 
blocked). I know one online system that has been using such a method for 
protecting webmail accounts, with several attacks logged but no 
compromise and no false detection complaints in 4 years.

3. some banks reported that in order to satisfy FFIEC requirements for 
two-factor authentication, but without requiring the customer to use 
anything else (e.g., a dongle or a "battle ship map"), they were 
detecting the IP, browser information and use patterns as part of the 
authentication procedure. This directly enables #2 above.

I also note that the security problem with short PINs is not much 
different than that with passwords, as users notoriously choose 
passwords that are easy to guess. However, an online system that is 
not controlled by the attacker is able to likewise prevent multiple 
password tries, or multiple account tries for the same password.

Cheers,
Ed Gerck

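The selective blocking described in point 2 and in the closing paragraph, as an added example that is not code from this post or from any bank's system: a login throttle keyed on the (IP, browser, PIN) triple rather than on the IP alone, so that holding one PIN constant while varying the account number trips the block, while other users behind the same NAT address with their own PIN are not affected. The account table, account numbers, PINs and browser strings are constructed for the example.

```python
import hashlib
from collections import defaultdict

# Constructed sample account table (account number -> PIN). It stands in
# for the bank's back end; a real system would hold only PIN hashes.
ACCOUNTS = {
    "100000000001": "4821",
    "100000000002": "9073",
    "100000000003": "5566",
}

MAX_TRIES = 4  # the post cites blocking after 4 (sometimes 3) wrong tries


class LoginThrottle:
    """Block the (IP, browser, PIN) triple after MAX_TRIES failures,
    whatever account number each failure used. Other people behind the
    same address keep working unless they share browser *and* PIN."""

    def __init__(self, max_tries=MAX_TRIES):
        self.max_tries = max_tries
        self.failures = defaultdict(int)  # key -> consecutive failures
        self.blocked = set()

    @staticmethod
    def _key(ip, browser, pin):
        # Hash the PIN so throttle state never holds a cleartext PIN.
        pin_digest = hashlib.sha256(pin.encode()).hexdigest()[:16]
        return (ip, browser, pin_digest)

    def attempt(self, ip, browser, account, pin):
        key = self._key(ip, browser, pin)
        if key in self.blocked:
            return "blocked"
        if ACCOUNTS.get(account) == pin:
            self.failures.pop(key, None)  # success clears the counter
            return "ok"
        self.failures[key] += 1
        if self.failures[key] >= self.max_tries:
            self.blocked.add(key)
            return "blocked"
        return "denied"


def simulate():
    """One fixed PIN tried against five 12-digit account numbers from a
    single IP and browser, then two legitimate users behind the same IP."""
    t = LoginThrottle()
    guesses = [t.attempt("198.51.100.7", "UA-A", f"10000000000{i}", "1234")
               for i in range(1, 6)]
    same_browser = t.attempt("198.51.100.7", "UA-A", "100000000001", "4821")
    other_browser = t.attempt("198.51.100.7", "UA-B", "100000000002", "9073")
    return guesses, same_browser, other_browser
```

The fourth guess is blocked and every later one with that PIN from that browser stays blocked, yet both legitimate logins from the same address succeed.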
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com