Insider attacks on PIN generation

Michael Simpson mikie.simpson at gmail.com
Wed Feb 22 16:14:42 GMT 2012


On Wednesday, February 22, 2012, Ian Batten wrote:

> I have a memory of being told of an insider attack at a bank where
> programmers managed to force the system to issue PINs drawn from a very
> small set, so that with a stolen card they had a better than 50% chance of
> guessing the correct PIN within three attempts. But I can't find it in
> the literature.  Anyone find it rings a bell?
>
> ian

I'm pretty certain that (initially) bank insiders didn't have any limit to
the number of times they could try a PIN number, as there was no lock-out
for them, allowing them to try the usual combinations.

Mike