My K-Rad Weblog

Darwin
 
Current Topic: Cryptography

Decimalisation Table Attacks for PIN Cracking [PDF]
Topic: Cryptography 1:43 am EST, Feb 25, 2003

We present an attack on hardware security modules used by retail banks for the secure storage and verification of customer PINs in ATM (cash machine) infrastructures.

By using adaptive decimalisation tables and guesses, the maximum amount of information is learnt about the true PIN upon each guess. It takes an average of 15 guesses to determine a four-digit PIN using this technique, instead of the 5000 guesses intended.

In a single 30-minute lunch-break, an attacker can thus discover approximately 7000 PINs rather than 24 with the brute force method. With a $300 withdrawal limit per card, the potential bounty is raised from $7200 to $2.1 million and a single motivated attacker could withdraw $30-50 thousand of this each day.

This attack thus presents a serious threat to bank security.

Ross Anderson's students are getting into the act.

(You can also find a mirror copy of this paper, with slightly different formatting, at http://cryptome.org/dtapc.pdf)



Unmask
Topic: Cryptography 3:14 am EDT, Sep 17, 2002

Unmask is a Python script that allows you to break the anonymity of e-mail or other text. It works by doing basic statistical matching against stored "signatures." It may require some tweaking to fit your particular use to it (un-anonymizing IRC chats, email, web pages on FreeNet, etc). Another fun parlor game use is using it to distinguish between two groups of any kind. Male/Female, Engineers/Computer Scientists, Scientists/Liberal Arts Majors, etc. If you improve it in some way, please send me (dave@immunitysec.com) a note. Unmask is released under the GNU GPL v2.0.
