Refuelling scam!

pyxys1 pyxys1 at westel900.net
Mon Aug 25 14:02:00 CEST 2003


Hi pyxys1,

Monday, August 25, 2003, 1:49:34 PM, you wrote:

p> Hi ghid,

p> Monday, August 25, 2003, 1:36:58 PM, you wrote:

g>> With this you are still claiming that the PIN code can be
g>> calculated from the card data.... But isn't it the bank that
g>> authorizes it, not the ATM?


 I don't know how it will look in the mail, but I'll quote it.

 
Figure 2: Common PIN calculation methods
storage to manipulate an entire database of customer account records. Instead, a scheme
was developed where the customer's PIN could be calculated from their account number
by encryption with a secret key. The account number was made available on the magnetic
stripe of the card, so the ATM only needed to securely store a single cryptographic key.
An example PIN calculation is shown in Figure 4.
The account number is represented using ASCII digits, and then interpreted as a
hexadecimal input to the DES block cipher. After encryption with the secret "PIN generation"
key, the output is converted to hexadecimal, and all but the first four digits
are discarded. However, these four digits might contain the hexadecimal digits 'A'-'F',
which are not available on a standard numeric keypad and would be confusing to customers,
so they are mapped back to decimal digits using a "decimalisation table" (Figure
3).
0123456789ABCDEF
0123456789012345
Figure 3: A typical decimalisation table

Account Number        4556 2385 7753 2239
Encrypted Accno       3F7C 2201 00CA 8AB3
Shortened Enc Accno   3F7C
                      0123456789ABCDEF
                      0123456789012345
Decimalised PIN       3572
Public Offset         4344
Final PIN             7816


The example PIN of 3F7C thus becomes 3572. Finally, to permit the cardholders to
change their PINs, an offset is added which is stored in the mainframe database along
with the account number. When an ATM verifies an entered PIN, it simply subtracts
the offset from the card before checking the value against the decimalised result of the
encryption.

It is easy to see how the "real PIN" and the offset become the
public PIN. And it is also easy to read that it is on the card.


-- 

Best regards,
 pyxys1                            mailto:pyxys1 at westel900.net
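
The calculation in the quoted excerpt, as an added example that is not part of the original message or of the quoted paper. It takes the encrypted account number from the quoted figure as given (the DES step and its secret key are not reproduced), the function names are hypothetical, and it assumes digit-wise arithmetic modulo 10 for the offset, which is what the quoted figures imply (3572 + 4344 gives 7816, not 7916).

```python
import hmac

# Added illustration; function names are hypothetical. Values come from the quoted figures.
DEC_TABLE = "0123456789012345"     # Figure 3: position = hex digit, value = decimal digit
ENC_ACCNO = "3F7C 2201 00CA 8AB3"  # DES output from the quoted example (DES itself is not run here)


def decimalise(enc_hex, pin_len=4, table=DEC_TABLE):
    """Keep the first pin_len hex digits and map each one through the table."""
    digits = enc_hex.replace(" ", "")[:pin_len]
    if len(digits) != pin_len or len(table) != 16:
        raise ValueError("short ciphertext or malformed decimalisation table")
    return "".join(table[int(d, 16)] for d in digits)  # int() rejects non-hex input


def _digitwise(a, b, sign):
    """Combine two equal-length decimal strings digit by digit, modulo 10, no carry."""
    if len(a) != len(b) or not (a + b).isascii() or not (a + b).isdigit():
        raise ValueError("PIN and offset must be equal-length decimal strings")
    return "".join(str((int(x) + sign * int(y)) % 10) for x, y in zip(a, b))


def final_pin(natural_pin, offset):
    """PIN the customer types: decimalised value plus the stored offset."""
    return _digitwise(natural_pin, offset, +1)


def verify(entered_pin, offset, enc_hex):
    """Subtract the offset from the entered PIN and compare with the decimalised value."""
    try:
        candidate = _digitwise(entered_pin, offset, -1)
    except ValueError:
        return False  # wrong length or non-digit input never verifies
    expected = decimalise(enc_hex, len(offset))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    natural = decimalise(ENC_ACCNO)
    print(natural, final_pin(natural, "4344"), verify("7816", "4344", ENC_ACCNO))
```
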


