[plug] Banks Online
Christian
christian at amnet.net.au
Thu Jun 29 12:53:12 WST 2000

On Thu, Jun 29, 2000 at 12:35:36PM +0800, skribe wrote:
> At 12:19 29/06/00, Christian wrote:
> >Worst-case scenario is
> >that someone guesses my 4 digit PIN (~10 bits of entropy: 40-bit keys
> >are suddenly looking a lot better!) and has complete access to my bank
> >account.
>
> Possible point of clarification:
> Banks usually use an 8 character password system for internet banking.

Is eight a required length or just the maximum? If everyone chose
passwords of exactly 8 characters (unrealistic, ideal case) then the
average entropy would be around 10.4 bits, i.e., only marginally better
than a 4 digit PIN. If 4 character passwords were a restricted minimum
then the entropy would be somewhere between 5 and 10 bits on average.
The 40-bit RC4 key is still at least a thousand million times more secure.

Regards,
Christian.