Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and a salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and propose a variant of salted-PIN that can significantly restrict known attacks. Salted-PIN requires modifications to service points (e.g. ATMs), issuer/verification facilities, and bank cards; however, changes to intermediate switches are not required. © 2008 Springer-Verlag Berlin Heidelberg.
CITATION STYLE
Mannan, M., & Van Oorschot, P. C. (2008). Weighing down “the unbearable lightness of PIN cracking.” In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5143 LNCS, pp. 176–181). https://doi.org/10.1007/978-3-540-85230-8_14
Mendeley helps you to discover research relevant for your work.