The wisdom of the ill informed
Ed Gerck
edgerck at nma.com
Mon Jun 30 15:55:16 EDT 2008
Allen wrote:
> During the transmission from an ATM machine 4 numeric characters are
> probably safe because the machines use dedicated dry pair phone lines
> for the most part, as I understand the system. This, combined with
> triple DES, makes it very difficult to compromise or do a MIM attack
> because one can not just tap into the lines remotely.
We are in agreement. Even short PINs could be safe in a bank-side
authenticated (no MITM) SSL connection with 128-bit encryption.
What's also needed is to block multiple attempts after 3 or 4 tries,
in both the ATM and the SSL online scenarios.
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
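The attempt limit described in the message above, as an added example that is not part of the original post or of any bank's code: a bank-side check that refuses further tries after a fixed number of consecutive failures. The `PinGuard` class, the account name and the PINs are hypothetical, and keeping one counter per account (rather than per ATM or per SSL session) is an assumption of this sketch.

```python
import hmac
from fractions import Fraction

MAX_TRIES = 3  # the post suggests blocking after 3 or 4 tries


class PinGuard:
    """Bank-side PIN check with one failure counter per account (hypothetical)."""

    def __init__(self, pins):
        self._pins = dict(pins)   # account -> PIN, constructed sample data
        self._failures = {}       # account -> consecutive failed tries

    def verify(self, account, pin):
        """Return 'ok', 'denied' or 'locked' for one attempt on any channel."""
        if account not in self._pins:
            return "denied"
        if self._failures.get(account, 0) >= MAX_TRIES:
            return "locked"       # the correct PIN is refused too once locked
        # Constant-time comparison so timing does not reveal matching digits.
        if hmac.compare_digest(pin.encode(), self._pins[account].encode()):
            self._failures[account] = 0   # a success resets the counter
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        return "denied"


def guess_bound(tries, digits):
    """Upper bound on guessing a uniformly random PIN before the lock engages."""
    return Fraction(tries, 10 ** digits)


def sequential_guesses(guard, account, count):
    """Submit 0000, 0001, ... and return the guard's answer to each try."""
    return [guard.verify(account, f"{i:04d}") for i in range(count)]


if __name__ == "__main__":
    guard = PinGuard({"acct-1": "0007"})          # constructed account and PIN
    print(sequential_guesses(guard, "acct-1", 10))
    print("per-account guess bound:", guess_bound(MAX_TRIES, 4))
```

With the counter held on the bank side, switching from the ATM to the online channel does not give a fresh set of tries.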