Chip and PIN
ukcrypto@chiark.greenend.org.uk
ukcrypto at chiark.greenend.org.uk
Fri, 25 Jan 2008 22:48:41 +0000
Nicholas Bohm wrote:
> The banks have fielded a system that relies on shared secrets. The fact
> that the secret has been used in an ATM is evidence either that the
> customer used it, or that an insider has purloined the secret from the
> bank, or that a third party has intercepted it (shoulder-surfing, skimmers).
> In an era in which assymetric cryptography makes reliance on shared
> secrets unnecessary, those who field systems that rely on shared secrets
> should not be allowed to claim that use of the secret is proof of use by
> the customer. That would give them a decent incentive to deploy more
> secure systems. In the meantime some crooks would get away with fraud.
> But that seems to me better than leaving the banks and the Ombudsman
> service to exercise a discretion about who they will believe and who
> they will not without any disclosure of any convincing evidence.
I think that's not quite a fair assessment. The PIN is shared between
the customer's brain and (as I understand it) a pool of HSMs and also
exposed to keyboards in various places of modest security.
Replacement with public key technology might require one of
- the customer to have incredible mental arithmetic
- using a key stored on the card; proving possession of the card and not much else
- replacing the card with a portable computer adequate in both power and security.
Mere existence of assymetric cryptography and making practical use of it with
most of the population are two different things. But I agree with the need to
restore balance to the adjuducation process.