ChipAndPin/AnotherSolution


In /IdealSolution, the conversation centred on how easy it was to clone a card, and how difficult it was to protect the contents of the card by encrypting them with a key that the cardholder memorises.

The problem is that if one puts a private key capable of signing digital cheques on the card, then it can be stolen. Even if one encrypts that private key with some passphrase that the cardholder knows, the private key can still be stolen (because it will be impossible to get the cardholder to memorise a passphrase good enough to resist brute-force decryption).

The solution to this problem is to remove the possibility of brute-forcing the passphrase. The current system, with a 4-digit PIN as the passphrase, depends on the bank itself performing the passphrase verification; that way the bank can allow only three tries, etc. Therefore, a viable solution to the card system is as follows:
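The contrast drawn in the two paragraphs above, as an added Python example that is not part of the original page and is not the solution the page goes on to propose: a PIN-derived check value carried on a copied card can be tested against all 10,000 PINs, while a check held by the bank stops after three tries. The function names, the PBKDF2 stand-in for a PIN-wrapped key, and the sample PIN are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50   # deliberately small so the demo runs quickly (assumption)
MAX_TRIES = 3     # the "three tries" the page mentions

def pin_tag(pin: str, salt: bytes) -> bytes:
    """Check value derived from the PIN (stand-in for a PIN-wrapped key)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITERATIONS)

def make_card_blob(pin: str) -> tuple[bytes, bytes]:
    """Constructed sample data: what a copy of the card hands to its holder."""
    salt = os.urandom(16)
    return salt, pin_tag(pin, salt)

def offline_guesses_needed(blob):
    """Nothing counts attempts on a copy, so every 4-digit PIN can be tested."""
    salt, tag = blob
    for attempts, n in enumerate(range(10_000), start=1):
        pin = f"{n:04d}"
        if hmac.compare_digest(pin_tag(pin, salt), tag):
            return pin, attempts
    return None, 10_000

class BankVerifier:
    """PIN check held by the bank: the counter lives where a thief cannot reset it."""
    def __init__(self, pin: str):
        self._salt, self._tag = make_card_blob(pin)
        self.tries_left = MAX_TRIES

    def verify(self, pin: str) -> str:
        if self.tries_left == 0:
            return "locked"
        if hmac.compare_digest(pin_tag(pin, self._salt), self._tag):
            self.tries_left = MAX_TRIES   # a correct PIN resets the counter
            return "ok"
        self.tries_left -= 1
        return "locked" if self.tries_left == 0 else "wrong"

if __name__ == "__main__":
    blob = make_card_blob("7291")   # constructed PIN
    print("offline:", offline_guesses_needed(blob))
    bank = BankVerifier("7291")
    print("online:", [bank.verify(p) for p in ("0000", "0001", "0002", "7291")])
```

Raising `ITERATIONS` only multiplies the cost of at most 10,000 offline guesses, which is why a stronger key derivation does not substitute for a try counter held by the verifier.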

Pros


Cons



Last edited March 16, 2004 10:31 am (viewing revision 2, which is the newest) (diff)