
Decimalisation table attacks for PIN cracking

Decimalisation table attacks for PIN cracking. Mike Bond, Piotr Zielinski. February 2003. Published by the University of Cambridge Computer Laboratory. Presented by Kai Chai. Overview. This article explains how to exploit a flaw in the IBM 3624 to crack PINs.


Presentation Transcript


  1. Decimalisation table attacks for PIN cracking
     Mike Bond, Piotr Zielinski, February 2003
     Published by the University of Cambridge Computer Laboratory
     Presented by Kai Chai

  2. Overview
     This article explains how to exploit a flaw in the IBM 3624 to crack PINs.
     Key terms in the article:
     • PIN generation key: a secret DES key, which can be used to calculate the customer's original PIN.
     • Decimalisation table: a many-to-one mapping between hexadecimal digits and numeric digits, which can be used to convert ciphertext into a PIN.

  3. Appreciation
     • The article gives a deep analysis of PIN cracking; the content is specific and well organized, and the examples are helpful for understanding. For example, it first gives the decimalisation table (IBM 3624):
         0123456789abcdef
         0123456789012345
       It then describes the verification techniques:

  4. Appreciation (cont.)
     IBM 3624-offset PIN generation method
       Account number                 4556 2385 7753 2239
       Encrypted account number       3F7C 2201 00CA 8AB3
       Shortened enc. account number  3F7C
       Decimalisation table           0123456789abcdef
                                      0123456789012345
       Decimalised PIN                3572
       Public offset                  4344
       Final PIN                      7816

  5. Appreciation (cont.)
     The article then gives details of PIN cracking by modifying the decimalisation table. In the first stage, the programmer needs at most 10 guesses to find all the digits that constitute the original PIN. In the second stage, they try every possible combination, or determine the positions of the digits present in the PIN.

  6. Appreciation (cont.)
     • The proposed prevention measures are valuable:
       1. The decimalisation table input must be cryptographically protected.
       2. Unskewed, randomly generated PINs stored encrypted in an online database.

  7. Criticism
     • Some examples are quite hard to understand.
     • The attack is described only in theory, with no practical details. For example, how would one find the decimalisation table in machine code?

  8. Question
     (Diagram labels:) API, encrypted PIN block; can access the decimalisation table. ATM product programmer. PIN database; can access the encrypted account number, card reader. Bank programmer. ATM. Thief.
     How can they work together to crack a PIN? Does it mean that ATM PINs are still secure?
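
As an added example (not code from the paper or from the presentation), the following Python code reproduces the slide 4 derivation and contrasts a verifier that trusts a caller-supplied decimalisation table with one that enforces prevention measure 1 from slide 6. It assumes the encrypted account number is already available (the DES step under the PIN generation key is omitted); HMAC-SHA256, the function names and the key are this example's own stand-ins for whatever table protection a real HSM provides.

```python
import hashlib
import hmac

STANDARD_TABLE = "0123456789012345"  # slide 3: hex digits 0..f -> decimal digits

def decimalise(hex_digits, table):
    """Map each hex digit to a decimal digit through the 16-entry table."""
    return "".join(table[int(h, 16)] for h in hex_digits)

def derive_pin(enc_accno, table, offset, pin_len=4):
    """IBM 3624-offset: decimalise the first hex digits, add the offset mod 10."""
    natural = decimalise(enc_accno[:pin_len], table)
    return "".join(str((int(n) + int(o)) % 10) for n, o in zip(natural, offset))

def verify_unprotected(trial_pin, enc_accno, table, offset):
    """Weak form: whatever table the caller supplies is used as-is."""
    return hmac.compare_digest(derive_pin(enc_accno, table, offset), trial_pin)

def table_tag(key, table):
    """Integrity tag over the table (HMAC-SHA256 is this example's choice)."""
    return hmac.new(key, table.encode("ascii"), hashlib.sha256).digest()

def verify_protected(trial_pin, enc_accno, table, tag, offset, key):
    """Hardened form: refuse any table whose tag does not verify."""
    if len(table) != 16 or not (table.isascii() and table.isdigit()):
        raise ValueError("malformed decimalisation table")
    if not hmac.compare_digest(tag, table_tag(key, table)):
        raise ValueError("decimalisation table failed integrity check")
    return verify_unprotected(trial_pin, enc_accno, table, offset)

if __name__ == "__main__":
    enc = "3F7C220100CA8AB3"          # encrypted account number from slide 4
    key = b"constructed-demo-key"     # constructed; a real key stays inside the HSM
    tag = table_tag(key, STANDARD_TABLE)
    altered = "0123456089012345"      # constructed: one entry changed by the caller
    print(derive_pin(enc, STANDARD_TABLE, "4344"))                # 7816
    print(verify_unprotected("7816", enc, altered, "4344"))       # False
    try:
        verify_protected("7816", enc, altered, tag, "4344", key)
    except ValueError as e:
        print("rejected:", e)
```

With the unprotected verifier the yes/no answer changes when the caller changes the table, so the answer depends on input the caller controls; the protected verifier rejects the altered table before any PIN comparison takes place.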
