PIN's and credit cards.

Ross Anderson Ross.Anderson at cl.cam.ac.uk
Mon, 18 Nov 2002 10:22:45 +0000


> The work isn't bogus, it is professionally done by good people.

I disagree. In pretty well every case, once banking community security
designs are exposed to the gaze of the general security community, all
sorts of dreadful flaws get found.

An earlier example is SWIFT's use of RSA with encryption first, then
signature, and no hash function - which we wrote about at Crypto 96
(and caused some tearful comments from its inventor). Another was
SWIFT's use of a proprietary MAC algorithm, subsequently hammered by
the guys at Leuven. Then there's the whole string of API attacks,
meet-in-the-middle attacks etc on security modules.

The banking security community is dreadfully smug and introverted. I
used to work there, during the mid-to-late 80s. I wasn't even aware of
the existence of conferences such as Crypto and Eurocrypt until, I
think, 1989.

Somewhat similar comments might be made about the government security
community. I'm not a former insider there, but readers of this list
will remember the key escrow protocol that GCHQ tried to get us all
to use back in the mid-1990s...

If you think that small, isolated security communities are viable,
read Jared Diamond's `Guns, Germs and Steel' :-)

Ross