Insider attacks on PIN generation

Michael Simpson mikie.simpson at
Wed Feb 22 16:14:42 GMT 2012

On Wednesday, February 22, 2012, Ian Batten wrote:

> I have a memory of being told of an insider attack at a bank where
> programmers managed to force the system to issue PINs drawn from a very
> small set, so that with a stolen card they had a better than 50% chance of
> guessing the correct PIN within three attempts.   But I can't find it in
> the literature.  Anyone find it rings a bell?
> ian

I'm pretty certain that (initially) bank insiders didn't have any limit to
the number of times they could try a PIN number, as there was no lock-out
for them, allowing them to try the usual combinations.


More information about the ukcrypto mailing list