[plug] Banks Online
navarre at plug.linux.org.au
navarre at plug.linux.org.au
Mon Jul 3 07:09:55 WST 2000
Hello Pluggers
If no one has tried it, I could not make Netbank function under
staroffice 5.2.
The last time I used Netbank I ran the downloaded windows program which
works fine for all the transactions that I would want to perform.
As far as general electronic banking information, when I was doing the
Quallity Control at Intelect (the pin pad makers) I was using the
Australian Standards 2805 documentation that told me how the encryption
was to be done. In testing the pin pad applications there were many
different mechanisums be used that all adhered to the standard. A user
PIN as used with the swipe card could be from 4 to 12 digits long, this
data was packed into a pin block and encrypted under the session pin key,
generally a derived key from a 128 bit non exposed master key, and
transmitted to the acquirer for verification. My memory fails me as to
what happens to the card data, I was doing this over ten years ago. The
PIN encryption key can be derived from data supplied by the acquirer at
the end of each transaction thus may be unique for each transaction,
successful or not. This would vary from each implementation of the
clients pin pad application.
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 6/29/00, 4:53:12 AM, Christian <christian at amnet.net.au> wrote regarding
Re: [plug] Banks Online:
> On Thu, Jun 29, 2000 at 12:35:36PM +0800, skribe wrote:
> > At 12:19 29/06/00, Christian wrote:
> > >Worst-case scenario is
> > >that someone guesses my 4 digit PIN (~10 bits of entropy: 40-bit keys
> > >are suddenly looking a lot better!) and has complete access to my bank
> > >account.
> >
> > Possible point of clarification:
> > Banks usually use an 8 character password system for internet banking.
> Is eight a required length or just the maximum? If everyone chose
> passwords of exactly 8 characters (unrealistic, ideal case) then the
> average entropy would be around 10.4 bits, i.e., only marginally better
> than a 4 digit PIN. If 4 character passwords were a restricted minimum
> then the entropy would be somewhere between 5 and 10 bits on average.
> The 40-bit RC4 key is still at least a thousand million times more
secure.
> Regards,
> Christian.
More information about the plug
mailing list