Comments on Errata Security: Target: just 'cause it's 3DES doesn't mean it's secure
Blog author: David Maynor

Unknown, 2014-06-29 20:35

JoachimV is correct about DUKPT. Each PIN read uses a unique key used for asymmetric encryption. Only the credit card processor holds the keys needed to decrypt.

Additionally, you can't just brute force guess PINs against the encrypted PIN block. Think about it for a second. That would require the keys because this is actual encryption. This isn't like cracking passwords where you have a hash and brute force guess until the hash is the same.

staff writers, 2014-06-08 11:22

On average, wouldn't it be 5000 attempts (rather than 10,000)?
Assuming even distribution, the first attempt has a 1/10,000 chance and the 10,000th attempt - if it gets that far - has a 100% chance. Another factor to consider is that PINs are not equally distributed - so if they tried the popular combinations first, they probably would filter out a large chunk quickly.

JoachimV, 2014-01-03 20:53

The attacks described here are not possible and reflect a misunderstanding of how PINs are encrypted and the infrastructures, standards, labs, and certifications that go into PIN security. Wish we had such requirements for hashing storage of passwords.

PCI PIN and PCI PTS require unique keys per device at a minimum and prevent the ability to try all possible PINs with trial and error. ANS X9.24 part 1 Annex A specifies DUKPT (Derived Unique Key Per Transaction), which derives a unique key for each PIN encryption. Almost all processors in the US use this standard for PIN encryption with ISO standard PIN blocks. Using either or both of these standards, it is not possible to rainbow table these blocks. They are not subject to the same attacks that affected Adobe passwords (which didn't follow best practices).

All the scholarly papers describing attacks on encrypted PIN blocks also recognize this fact and instead describe attacks against systems, not the data.

Brian B., 2013-12-28 18:30

Except that PIN block format 0, which salts the PIN block with the account number, has been mandated by the networks for years.
Identical PINs from different cards will yield different encrypted PIN blocks, making rainbow table type attacks useless.

Cd-MaN, 2013-12-28 02:56

To their defense, it is possible that they used a different key for each PIN and, depending on the KDF, 3DES might be secure under those conditions.

I don't think this is the case, but just mentioning it for completeness :-)

Also, see this post which just came up in my RSS reader: http://blog.cryptographyengineering.com/2013/12/can-hackers-decrypt-targets-pin-data.html