Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 11.07.2017 20:38, MFPA wrote:
> 
> 
> On Tuesday 11 July 2017 at 8:44:48 AM, in
> , Binarus wrote:-
> 
> 
>> I am not sure if this is an intentional limitation of
>> the cards (to
>> prevent users from choosing idiotic pins like 1234 or
>> their birthday).
> 
> 
> Surely things like 1234 can be prevented by software.
> 

But birthdays and the like probably not.

Furthermore (not being sure, so read with care), I think that the bank
does not know your pin, but it is stored in the banks' backends as some
sort of hash, and this means that such software would have to run on the
card.

Regards,

Binarus


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: gpgme - raw RSA operation using GPG public/private keys?

2017-07-11 Thread Daniel Kahn Gillmor
On Fri 2017-07-07 18:01:03 +0200, gnupg-u...@niob.at wrote:

> I am looking for a "simple" way to use a GPG public/private RSA key to
> do "raw" RSA operations. I have the impression, that gpgme only deals
> with "real" OpenPGP data structures, but this does not fit my use case.
> This is for an application that is currently based on openssl crypto.

you're right -- gpgme is only for higher-level protocol operations,
whether they're OpenPGP or CMS (cryptographic message syntax).  it
doesn't offer low-level crypto primitives.

if you want low-level crypto primitives that are GPL-compatible, you can
use libhogweed (from the nettle project) or libgcrypt.

Modern GnuPG uses libgcrypt for its crypto primitives, fwiw.

   --dkg




Re: Changing PINs of German bank card

2017-07-11 Thread Matthias Apitz
On Tuesday, July 11, 2017 at 07:38:08 PM +0100, MFPA wrote:

> On Tuesday 11 July 2017 at 8:44:48 AM, in
> , Binarus wrote:-
> 
> 
> > I am not sure if this is an intentional limitation of
> > the cards (to
> > prevent users from choosing idiotic pins like 1234 or
> > their birthday).
> 
> 
> Surely things like 1234 can be prevented by software.

Why is 1234 an idiotic PIN? What are idiotic PINs? Of course, idiotic is
any PIN for which there are hints in your pocket (like a sticker attached
or your birthday). But remember, you normally have only 3 tries to test
all "idiotic" PINs. 1234 is just as idiotic as 2345 or as 3456 or  or as
, or , or ...

matthias

-- 
Matthias Apitz, ✉ g...@unixarea.de, ⌂ http://www.unixarea.de/  ☎ 
+49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
May 8, 1945: Who does not celebrate lost the War.




Re: Changing PINs of German bank card

2017-07-11 Thread Brad Rogers
On Tue, 11 Jul 2017 19:38:08 +0100
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

Hello MFPA,

>Surely things like 1234 can be prevented by software.

Sure.

The question is "Are they?"

I suspect(1) the answer, in many cases, is "No."

(1) My gut feeling - I have no evidence/proof.

-- 
 Regards, Brad
 "The blindingly obvious is never immediately apparent"
 Chose to play the fool in a six piece band
 What A Waste - Ian Dury And The Blockheads




Re: Changing PINs of German bank card

2017-07-11 Thread MFPA
On Tuesday 11 July 2017 at 8:44:48 AM, in
, Binarus wrote:-


> I am not sure if this is an intentional limitation of
> the cards (to
> prevent users from choosing idiotic pins like 1234 or
> their birthday).


Surely things like 1234 can be prevented by software.



-- 
Best regards

MFPA  

Change is inevitable except from a vending machine




Re: Changing PINs of German bank card

2017-07-11 Thread MFPA
On Tuesday 11 July 2017 at 11:23:06 AM, in
, Julian H.
Stacey wrote:-


> All UK cards I know of allow PIN change at the ATM.

Back in the 1980s I remember some that had no PIN change facility. And
at one time, NatWest only allowed a PIN change the first time the card
was used in one of their own ATMs.

-- 
Best regards

MFPA  

A woman's mind is cleaner than a man's: She changes it more often.




Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 11.07.2017 14:38, Jerry wrote:
> On Tue, 11 Jul 2017 12:32:56 +0200, Binarus stated:
> 
> [...]
>> I am not completely sure if I got you right. Wouldn't that mean that I
>> have to lose my card, the bad person then makes two guesses, then I get
>> back my card and enter my correct pin, then I lose my card again, and
>> the same bad person finds it again and makes another two guesses, then
>> I get my card back again and so on?
>
> If you continually lose your card that often, you have more problems
> than just a lost/stolen card to deal with. I sincerely hope you are
> never trusted with confidential information.
>

Not sure if you eventually have misunderstood me. I was just trying to
understand the previous speaker by asking him what exactly he was
meaning ...

>> The only way to abuse the fail counter reset feature would be to steal
>> the card, to copy it and to return it to its owner, and to do this in a
>> way that the owner would not notice it. But again, the adversary would
>> then still have to observe the card owner to see when the counter is
>> reset and to start his next tries.
> 
> I was told, although not confirmed, that cards with embedded chips
> cannot be copied and still be usable. If anyone would like to comment
> on that, it would be welcomed.

No idea about the U.S., but talking about Germany: The main problem with
ATMs here is skimming (I am not sure if this wording is correct in the
U.S., so let me shortly explain: Skimming means that some adversary
manipulates an ATM by mounting his own user interface onto it,
perfectly imitating the original interface (mechanically - own
electronics, own keyboard), intercepting the data stream and the
keystrokes (pin), or mounts a pinhole camera to record people entering
their pins).

AFAIK, at least until one or two years ago, the skimmers used to copy
the cards, but recently banks upgraded their ATMs and their customers'
cards so that they can't be copied any more. But for compatibility, the
ATMs still won't refuse old cards which can be copied.

But please don't take this as bare truth; I am really not sure.

>>> The probability to guess the correct code during the 5-years life of
>>> the card is definitely non-negligible.
>>>> And there is one more very important thing most people don't think
>>>> of: What happens if you have an accident or if you die? Your heirs
>>>> will have all sorts of troubles if something happens to you and
>>>> they can't access your electronic accounts because they don't have
>>>> the passwords.
>>
>>> Usually there are other, non-technical ways. For example they just
>>> go to the bank with a death certificate.
> 
> I have actually seen that happen. The estate lawyer had to fill out
> some paper work, but it was really no big deal. Basically, it is the
> same procedure used to get access to a deceased safe deposit box.

No chance of having it that easy here in Germany ... at least with certain
banks.

>> I already have seen cases where it was not that easy in Germany.
>> Usually, presenting a death certificate to the bank is not enough. I
>> have seen that the bank had to make sure that the people presenting the
>> death certificate actually were the legal heirs. That meant that those
>> people had to acquire all sorts of documents from all sorts of
>> authorities which has been very expensive (several hundreds of EUR),
>> but more important, was very unpleasant and time consuming, especially
>> in the situation they were.
> 
> Good for them. They should make absolutely sure before releasing the
> funds.

I agree.

>> AFAIK, there is only one thing you could do to avoid that hassle: The
>> testator and the heirs should make a contract of inheritance. Such a
>> contract must be made by a notary, so this will also have its cost, but
>> when you present such a contract to the bank (in addition to the death
>> certificate), you will have no problems.
> 
> The cost of a notary is a few dollars; therefore, negligible. Honestly,
> I would hope that it would NOT be that easy.

Here in Germany, a notary won't even pick up his pencil without earning a
significant amount of money. As far as I can remember, the inheritance
contract cost about 500 EUR (about US $560) many years ago, but that
was still a small amount of money compared to the hassle the heirs would
have had if they did not have that contract.

By the way, there is no competition in this field because the money a
notary charges for an action is defined by law. There is a detailed
catalogue which lists every action a notary could (may) do, even the
most exotic ones, and how much money he will get for that. Any notary is
prohibited by law from charging less; he will lose his approbation and
get into serious trouble if he does.

Is the situation in the U.S. similar?

> I have all of my important papers, including passwords to accounts that
> have to be kept secure, in a bank safe deposit box. If I were to die,
> it wouldn't matter who had the key if they 

Re: Changing PINs of German bank card

2017-07-11 Thread Peter Lebbing
On 11/07/17 12:32, Binarus wrote:
> I am not completely sure if I got you right. Wouldn't that mean that I
> have to lose my card, the bad person then makes two guesses, then I get
> back my card and enter my correct pin, then I lose my card again, and
> the same bad person finds it again and makes another two guesses, then I
> get my card back again and so on?

But you were discussing both card PINs as well as web passwords with low
entropy, right? You said earlier:

> - If somebody tries to brute force the pin (or online banking password),
> the access will be permanently denied if there are more than 3 failures
> (the exact number may vary).

I still don't think you could brute-force it with just two tries in
between your regular logins. However, this seems like a nice DoS if
someone dislikes you and is mean-spirited. They get a hold of your bank
account number, attempt to log in with the three password guesses "say",
"bye" and "now" and you need to phone up your bank, they need to send
you a new letter with a new password, etcetera. Or is there some other
secret or semi-secret, like a card number, that an attacker needs to
enter in order to decrement the failure counter?

This "three strikes and you're out" scheme is generally for two-factor
auth, not for regular web passwords. For a reason.

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 
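
The "three strikes" counter that this message and the rest of the thread keep returning to can be modelled in a few lines. The block below is an added example written for this page; it is not code from the thread, from GnuPG or from any card issuer. The limit of three consecutive failures, the PBKDF2-based PIN hash with 10,000 iterations, the small blocklist of weak PINs and every PIN value used are constructed for illustration. It shows three points raised above: a software check at PIN-set time can reject 1234-style values but not a birthday it does not know; a counter that resets on a correct entry lets someone who can interleave guesses with the owner's own card use accumulate far more attempts over a card's lifetime (NdK's "two per day for five years" arithmetic is carried out in `lifetime_guess_probability`); and with only 10,000 possible PINs the hash itself protects little, so the counter is the control that matters.

```python
"""Constructed model of a card PIN with a fail counter (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import List, Tuple

MAX_FAILURES = 3         # "three strikes"; the real value varies per issuer
PIN_SPACE = 10_000       # number of possible 4-digit PINs
KDF_ITERATIONS = 10_000  # constructed value, chosen to keep the example fast

# Constructed blocklist of PINs a set-time check can catch. A birthday cannot
# be caught this way: the checker does not know the cardholder's data.
WEAK_PINS = {"0000", "1111", "1212", "1234", "2000", "2222", "4444", "6969", "7777"}


def is_weak_pin(pin: str) -> bool:
    """True for malformed PINs, blocklisted PINs, repeated digits (8888)
    and straight runs (3456, 6543)."""
    if len(pin) != 4 or not pin.isdigit():
        return True
    if pin in WEAK_PINS or len(set(pin)) == 1:
        return True
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    return steps == {1} or steps == {-1}


def _pin_hash(salt: bytes, pin: str) -> bytes:
    # Hashing a 4-digit PIN only avoids storing it in clear; whoever holds the
    # hash can enumerate all 10,000 candidates, so the counter in PinVerifier,
    # not the hash, is what bounds online guessing.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, KDF_ITERATIONS)


@dataclass
class PinVerifier:
    """Card-side state: salted PIN hash, consecutive-failure counter, lock flag."""
    salt: bytes
    pin_hash: bytes
    failures: int = 0
    locked: bool = False

    @classmethod
    def enrol(cls, pin: str) -> "PinVerifier":
        """Set a PIN, rejecting the patterns is_weak_pin() recognises."""
        if is_weak_pin(pin):
            raise ValueError("PIN rejected by plausibility check")
        salt = os.urandom(16)
        return cls(salt=salt, pin_hash=_pin_hash(salt, pin))

    def verify(self, pin: str) -> bool:
        """A correct PIN resets the counter; MAX_FAILURES consecutive wrong
        PINs lock the card permanently, after which nothing is accepted."""
        if self.locked:
            return False
        if hmac.compare_digest(_pin_hash(self.salt, pin), self.pin_hash):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False


def lifetime_guess_probability(guesses_per_day: int, years: int,
                               pin_space: int = PIN_SPACE) -> float:
    """Fraction of a uniformly chosen PIN space covered by distinct guesses
    made over the card's life (the 'two per day for five years' scenario)."""
    guesses = min(guesses_per_day * 365 * years, pin_space)
    return guesses / pin_space


def simulate_counter_reset(correct_pin: str, wrong_guesses: List[str],
                           owner_uses_card_between: bool) -> Tuple[int, bool]:
    """Feed MAX_FAILURES - 1 wrong guesses per 'day' into a fresh verifier.
    If the owner enters the correct PIN between days, the counter resets.
    Returns (guesses the card evaluated before locking, locked?)."""
    card = PinVerifier.enrol(correct_pin)
    per_day = MAX_FAILURES - 1
    made = 0
    for start in range(0, len(wrong_guesses), per_day):
        for guess in wrong_guesses[start:start + per_day]:
            if card.locked:
                return made, True
            card.verify(guess)
            made += 1
        if card.locked:
            return made, True
        if owner_uses_card_between:
            card.verify(correct_pin)  # legitimate use resets the counter
    return made, card.locked
```

Calling `simulate_counter_reset("7392", ["0000", "1111", "2222", "3333", "5555"], True)` returns `(5, False)`: the card never locks because the owner's own entries keep resetting the counter, which is exactly why reporting a lost card promptly matters. With `False` in the last argument (the card is never used legitimately again) the same guesses give `(3, True)`. `lifetime_guess_probability(2, 5)` is 0.365, the non-negligible figure NdK had in mind.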





Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 11.07.2017 11:48, Matthias Mansfeld wrote:
> On 11 Jul 2017 at 9:44, Binarus wrote:
> 
>> On 10.07.2017 17:42, Guan Xin wrote:
>>> This is probably a general question --
>>>
>>> I have never seen a German bank that allows changing the PIN of a card.
>>
>> I am not sure if this is an intentional limitation of the cards (to
>> prevent users from choosing idiotic pins like 1234 or their birthday).
> 
> [..]
> At least Sparkasse and HypoVereinsbank and IIRC also Postbank allow 
> changing at the ATM terminal.
> 
> And a birthday isn't as idiotic as 1234 or , as long as you assume a 
> standard pickpocket doesn't know your personal data (OK, your ID-card 
> within the same wallet... maybe no good idea. Then not your own 
> birthday but from a person or your cat you can remember, or better 
> your wedding day, which normally would be forgotten always ;-) 

You are right, but experience tells us (no, not us, but the banks) that
people won't think about it. I have no doubt that people like you and me
would choose a secure pin, but from a bank's point of view, most people
would choose pins like 1234 or their birthday.

It might be only a matter of time until there is the first case of a
bank refusing to compensate a customer because his pin was his birthday.

>> Now, this is a completely different question which does not have to do
>> anything with the pin's length. The answer to this question completely
>> depends on your environment and your intentions. I will explain this by
>> two examples with contrary conclusions:
>>
>> Example 1:
>>
> [...]
>>
>> Example 2:
> [..]
> 
> Example 3
> 
> MY use case would be: I have, let's say two bank accounts at 
> Sparkasse, one at Postbank, one at HypoVereinsbank (possible reason: 
> two business accounts and one private account and one from an 
> inherited account) and I can remember ONE good "random-like" 
> 4-digit-PIN, but would definitely mangle four different PINs (been 
> there, done that...). Then I choose one and the same "good" PIN for 
> all four cards which I don't need to write down anywhere and 
> everything is OK.

This is a good point as long as we are discussing only banking card
pins. My examples were more general (an electronic password safe will
store all sorts of other secrets / web passwords). Since the OP had
asked about banking card pins, I eventually should have restricted my
answers to that.

On the other hand, I can imagine a bunch of cases where somebody would
like to take web passwords (and not only banking card pins) along when
going out (e.g. doing web based email in an internet cafe during
vacation). In such cases, I think there is no reason why the pins
shouldn't be stored in the password safe as well.

Thinking about your use case, I am not sure if I would try to make all
pins the same, given the fact that nowadays skimming is the main problem
(and not stealing and trying to brute-force). I am not sure if banks
will compensate if something very bad happens and all four of your
accounts get emptied when the respective cards have the same pin.
Probably most banks disallow this in their terms of service (AGBs).

After all, you don't use the same password for your eBay, Facebook and
Paypal account, do you (unfair question, because those accounts won't be
disabled after three wrong password entries, but nevertheless ...)?

Regards,

Binarus



Re: Changing PINs of German bank card

2017-07-11 Thread Jerry
On Tue, 11 Jul 2017 12:32:56 +0200, Binarus stated:

>On 11.07.2017 10:14, NdK wrote:
>> On 11/07/2017 09:44, Binarus wrote:
>>   
>>> - If somebody tries to brute force the pin (or online banking
>>> password), the access will be permanently denied if there are more
>>> than 3 failures (the exact number may vary). That means that the
>>> length of the pin / password is not as important as one might
>>> think, because it is practically impossible to brute force a 4
>>> digit pin with only 3 tries.  
>
>> If you routinely use your card twice a day, they can make two or four
>> guesses each day: every correct PIN you insert resets the counter.  
>
>I am not completely sure if I got you right. Wouldn't that mean that I
>have to lose my card, the bad person then makes two guesses, then I get
>back my card and enter my correct pin, then I lose my card again, and
>the same bad person finds it again and makes another two guesses, then
>I get my card back again and so on?

If you continually lose your card that often, you have more problems
than just a lost/stolen card to deal with. I sincerely hope you are
never trusted with confidential information.

>This is practically impossible (unless I have missed something
>obvious). How could the correct pin be entered and the counter be
>reset if I didn't get the card back?

In theory, it couldn't.

>Or did you refer to an adversary who copied the card? In that case, he
>still would have to know when I actually have entered the correct pin
>(which would mean that he permanently had to observe me) to start his
>next two tries.
>
>Furthermore, people usually call their bank to make their card invalid
>as soon as they notice they have lost it. This means that they usually
>won't enter the correct pin again after having lost the card.

That is the general idea.

>The only way to abuse the fail counter reset feature would be to steal
>the card, to copy it and to return it to its owner, and to do this in a
>way that the owner would not notice it. But again, the adversary would
>then still have to observe the card owner to see when the counter is
>reset and to start his next tries.

I was told, although not confirmed, that cards with embedded chips
cannot be copied and still be usable. If anyone would like to comment
on that, it would be welcomed.

>> The probability to guess the correct code during the 5-years life of
>> the card is definitely non-negligible.
>>> And there is one more very important thing most people don't think
>>> of: What happens if you have an accident or if you die? Your heirs
>>> will have all sorts of troubles if something happens to you and
>>> they can't access your electronic accounts because they don't have
>>> the passwords.  
>
>> Usually there are other, non-technical ways. For example they just
>> go to the bank with a death certificate.  

I have actually seen that happen. The estate lawyer had to fill out
some paper work, but it was really no big deal. Basically, it is the
same procedure used to get access to a deceased safe deposit box.

>I already have seen cases where it was not that easy in Germany.
>Usually, presenting a death certificate to the bank is not enough. I
>have seen that the bank had to make sure that the people presenting the
>death certificate actually were the legal heirs. That meant that those
>people had to acquire all sorts of documents from all sorts of
>authorities which has been very expensive (several hundreds of EUR),
>but more important, was very unpleasant and time consuming, especially
>in the situation they were.

Good for them. They should make absolutely sure before releasing the
funds.

>AFAIK, there is only one thing you could do to avoid that hassle: The
>testator and the heirs should make a contract of inheritance. Such a
>contract must be made by a notary, so this will also have its cost, but
>when you present such a contract to the bank (in addition to the death
>certificate), you will have no problems.

The cost of a notary is a few dollars; therefore, negligible. Honestly,
I would hope that it would NOT be that easy.

>But now, being a German citizen, try the same thing with eBay,
>Facebook, LinkedIn, PayPal and so on ... no thanks.
>
>>> So I tend to write down at least my master password on a sheet of
>>> paper, put that in a sealed envelope and give it to a relative who
>>> I highly trust. In case I die, they open the envelope, have the
>>> master password for my password safe and can use that to open the
>>> access to all my accounts. Alternatively, you could have some
>>> relative you trust memorize your master password. But since he
>>> won't use it regularly (hopefully), he probably will forget it
>>> after short time ...  
>
>> Better use shamir's secret sharing, or just use LCD-segments
>> characters printed on two acetate sheets that need to be combined to
>> be read. Obviously the two sheets are to be given to two different
>> people, in sealed envelopes...  
>
>Nice ideas :-) My 

Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 11.07.2017 14:32, NdK wrote:
> On 11/07/2017 12:32, Binarus wrote:
> 
>> But now, being a German citizen, try the same thing with eBay, Facebook,
>> LinkedIn, PayPal and so on ... no thanks.
> Why should heirs have access to social accounts? Paypal, otoh, is a bank
> that has to follow the same rules as other banks...

Interestingly enough, this subject is becoming more and more important.
I think I can remember that there are first tries in some countries (or
the EU?) to make respective laws. At least, I am sure that there already
were lawsuits where heirs have tried to get hold of accounts of somebody
who passed away (in the case I can remember, a facebook account has been
subject of the lawsuit, but I can't remember right now how it ended).

IMHO, there are many reasons why this should be possible, so I would
appreciate if there were such laws. I don't want this thread to become
too off-topic, so I won't elaborate on this in a fashion this complex
subject deserves, but just give one pragmatic example:

Let's suppose somebody offers something on eBay and then passes away.
Let's suppose that somebody else wins that auction and immediately pays
via PayPal. Now what?

There may be means to solve such situations, but they usually cost lots
of time, money or nerves, and this has been just a simple example. If we
think a while about it, we surely will find a constellation where it
would be quite catastrophic if an account holder's heirs couldn't get
hold of his accounts.

>> Nice ideas :-) My own security needs are not that high, though (hoping
>> that life won't punish me for that optimism).
> My concern with a single "cleartext" pass would be a burglar that steals
> it together with other valuables...

You are right, burglary is a real threat. But if you have memorized your
master password and don't keep it on paper in your own apartment /
house, but just give it on paper to a relative, the burglar will have to
steal the paper from your relative and at the same time steal your PC
(or banking card) from you to make anything out of it.

Therefore, I have no problem with giving the password on paper to a
relative who lives some km away from me. I would never keep the password
on paper in the same room (or even building) as the PC or banking card,
though, and as soon as either the PC (or banking card) or the password
paper would be stolen, I would immediately change the password (and hand
the new one out on paper to my relative).

>> To add to it, if you mistrust your relatives, you could put the password
>> on paper into some sort of lock box and carry the key to that lock box
>> with you. But then what would happen if you lost that key?
> Given that mechanical keys are often easier to open without the key
> than with it...

Actually, I was thinking about a lock box in a bank or such things ...

Regards,

Binarus



Re: Changing PINs of German bank card

2017-07-11 Thread NdK
On 11/07/2017 12:32, Binarus wrote:

>> If you routinely use your card twice a day, they can make two or four
>> guesses each day: every correct PIN you insert resets the counter.
> I am not completely sure if I got you right. Wouldn't that mean that I
> have to lose my card, the bad person then makes two guesses, then I get
> back my card and enter my correct pin, then I lose my card again, and
> the same bad person finds it again and makes another two guesses, then I
> get my card back again and so on?
Say that's your wife/son that takes the card when you're at home...
Low prob, but possible :)

>> Usually there are other, non-technical ways. For example they just go to
>> the bank with a death certificate.
> I already have seen cases where it was not that easy in Germany.
> Usually, presenting a death certificate to the bank is not enough. I
> have seen that the bank had to make sure that the people presenting the
> death certificate actually were the legal heirs. That meant that those
> people had to acquire all sorts of documents from all sorts of
> authorities which has been very expensive (several hundreds of EUR), but
> more important, was very unpleasant and time consuming, especially in
> the situation they were.
Been there...
Another reason to give the password before going with the documents
might be "a bit" illegal: just transfer the money to avoid paying taxes.

> But now, being a German citizen, try the same thing with eBay, Facebook,
> LinkedIn, PayPal and so on ... no thanks.
Why should heirs have access to social accounts? Paypal, otoh, is a bank
that has to follow the same rules as other banks...

> Nice ideas :-) My own security needs are not that high, though (hoping
> that life won't punish me for that optimism).
My concern with a single "cleartext" pass would be a burglar that steals
it together with other valuables...

> To add to it, if you mistrust your relatives, you could put the password
> on paper into some sort of lock box and carry the key to that lock box
> with you. But then what would happen if you lost that key?
Given that mechanical keys are often easier to open without the key
than with it...

BYtE,
 Diego




Re: Changing PINs of German bank card

2017-07-11 Thread Matthias Mansfeld
On 11 Jul 2017 at 9:44, Binarus wrote:

> On 10.07.2017 17:42, Guan Xin wrote:
> > This is probably a general question --
> > 
> > I have never seen a German bank that allows changing the PIN of a card.
> 
> I am not sure if this is an intentional limitation of the cards (to
> prevent users from choosing idiotic pins like 1234 or their birthday).

[..]
At least Sparkasse and HypoVereinsbank and IIRC also Postbank allow 
changing at the ATM terminal.

And a birthday isn't as idiotic as 1234 or , as long as you assume a 
standard pickpocket doesn't know your personal data (OK, your ID-card 
within the same wallet... maybe no good idea. Then not your own 
birthday but from a person or your cat you can remember, or better 
your wedding day, which normally would be forgotten always ;-) 

> Now, this is a completely different question which does not have to do
> anything with the pin's length. The answer to this question completely
> depends on your environment and your intentions. I will explain this by
> two examples with contrary conclusions:
> 
> Example 1:
> 
[...]
> 
> Example 2:
[..]

Example 3

MY use case would be: I have, let's say two bank accounts at 
Sparkasse, one at Postbank, one at HypoVereinsbank (possible reason: 
two business accounts and one private account and one from an 
inherited account) and I can remember ONE good "random-like" 
4-digit-PIN, but would definitely mangle four different PINs (been 
there, done that...). Then I choose one and the same "good" PIN for 
all four cards which I don't need to write down anywhere and 
everything is OK.

Regards
Matthias
--
OpenPGP: http://www.mansfeld-elektronik.de/gnupgkey/mansfeld.asc
Fingerprint: 6563 057D E6B8 9105 1CE4 18D0 4056 1F54 8B59 40EF




Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 11.07.2017 10:14, NdK wrote:
> On 11/07/2017 09:44, Binarus wrote:
> 
>> - If somebody tries to brute force the pin (or online banking password),
>> the access will be permanently denied if there are more than 3 failures
>> (the exact number may vary). That means that the length of the pin /
>> password is not as important as one might think, because it is
>> practically impossible to brute force a 4 digit pin with only 3 tries.

> If you routinely use your card twice a day, they can make two or four
> guesses each day: every correct PIN you insert resets the counter.

I am not completely sure if I got you right. Wouldn't that mean that I
have to lose my card, the bad person then makes two guesses, then I get
back my card and enter my correct pin, then I lose my card again, and
the same bad person finds it again and makes another two guesses, then I
get my card back again and so on?

This is practically impossible (unless I have missed something obvious).
How could the correct pin be entered and the counter be reset if I
didn't get the card back?

Or did you refer to an adversary who copied the card? In that case, he
still would have to know when I actually have entered the correct pin
(which would mean that he permanently had to observe me) to start his
next two tries.

Furthermore, people usually call their bank to make their card invalid
as soon as they notice they have lost it. This means that they usually
won't enter the correct pin again after having lost the card.

The only way to abuse the fail counter reset feature would be to steal
the card, to copy it and to return it to its owner, and to do this in a
way that the owner would not notice it. But again, the adversary would
then still have to observe the card owner to see when the counter is
reset and to start his next tries.

> The probability to guess the correct code during the 5-years life of the
> card is definitely non-negligible.
>> And there is one more very important thing most people don't think of:
>> What happens if you have an accident or if you die? Your heirs will have
>> all sorts of troubles if something happens to you and they can't access
>> your electronic accounts because they don't have the passwords.

> Usually there are other, non-technical ways. For example they just go to
> the bank with a death certificate.

I already have seen cases where it was not that easy in Germany.
Usually, presenting a death certificate to the bank is not enough. I
have seen that the bank had to make sure that the people presenting the
death certificate actually were the legal heirs. That meant that those
people had to acquire all sorts of documents from all sorts of
authorities which has been very expensive (several hundreds of EUR), but
more important, was very unpleasant and time consuming, especially in
the situation they were.

AFAIK, there is only one thing you could do to avoid that hassle: The
testator and the heirs should make a contract of inheritance. Such a
contract must be made by a notary, so this will also have its cost, but
when you present such a contract to the bank (in addition to the death
certificate), you will have no problems.

But now, being a German citizen, try the same thing with eBay, Facebook,
LinkedIn, PayPal and so on ... no thanks.

>> So I tend to write down at least my master password on a sheet of paper,
>> put that in a sealed envelope and give it to a relative who I highly
>> trust. In case I die, they open the envelope, have the master password
>> for my password safe and can use that to open the access to all my
>> accounts. Alternatively, you could have some relative you trust memorize
>> your master password. But since he won't use it regularly (hopefully),
>> he probably will forget it after a short time ...

> Better use Shamir's secret sharing, or just use LCD-segment characters
> printed on two acetate sheets that need to be combined to be read.
> Obviously the two sheets are to be given to two different people, in
> sealed envelopes...

Nice ideas :-) My own security needs are not that high, though (hoping
that life won't punish me for that optimism).

> BTW the method you use is the same that was used for our mainframe's
> master password. :)

To add to it, if you mistrust your relatives, you could put the password
on paper into some sort of lock box and carry the key to that lock box
with you. But then what would happen if you lost that key?

Regards,

Binarus

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Changing PINs of German bank card

2017-07-11 Thread Julian H. Stacey
> > This is probably a general question --
> >
> > I have never seen a German bank that allows changing the PIN of a card.
> > So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> > mailed in clear text really safer than using a 4 to 6 digit variable length
> > PIN that never explicitly appears anywhere.
> 
> Nowadays some German banks allow changing the PIN in the Teller
> Machines. I saw it today in an ATM of the Sparkasse. Amex allows (or
> allowed) requesting a new personal PIN by fax.

Postbank.de did not provide it on ATM or by any other means a month back.
All UK cards I know of allow PIN change at the ATM.

Cheers,
Julian
-- 
Julian H. Stacey, Computer Consultant, BSD Linux Unix Systems Engineer
 Reply below, Prefix '> '. Plain text, No .doc, base64, HTML, quoted-printable.
 http://berklix.eu/brexit/#700k_stolen_votes



Re: Changing PINs of German bank card

2017-07-11 Thread NdK
Il 11/07/2017 09:44, Binarus ha scritto:

> - If somebody tries to brute force the pin (or online banking password),
> the access will be permanently denied if there are more than 3 failures
> (the exact number may vary). That means that the length of the pin /
> password is not as important as one might think, because it is
> practically impossible to brute force a 4 digit pin with only 3 tries.
If you routinely use your card twice a day, they can make two or four
guesses each day: every correct PIN you insert resets the counter.
The probability of guessing the correct code during the 5-year life of the
card is definitely non-negligible.

> And there is one more very important thing most people don't think of:
> What happens if you have an accident or if you die? Your heirs will have
> all sorts of troubles if something happens to you and they can't access
> your electronic accounts because they don't have the passwords.
Usually there are other, non-technical ways. For example they just go to
the bank with a death certificate.

> So I tend to write down at least my master password on a sheet of paper,
> put that in a sealed envelope and give it to a relative who I highly
> trust. In case I die, they open the envelope, have the master password
> for my password safe and can use that to open the access to all my
> accounts. Alternatively, you could have some relative you trust memorize
> your master password. But since he won't use it regularly (hopefully),
> he probably will forget it after a short time ...
Better use Shamir's secret sharing, or just use LCD-segment characters
printed on two acetate sheets that need to be combined to be read.
Obviously the two sheets are to be given to two different people, in
sealed envelopes...

BTW the method you use is the same that was used for our mainframe's
master password. :)

BYtE,
 Diego

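A worked model of the fail-counter argument made by NdK above (and of the steal-copy-return scenario Binarus raised earlier in the thread), added here as an illustration and not code from any poster. It assumes a 4-digit PIN and that 3 consecutive wrong entries lock the card (the thread says the exact number varies); `Card`, `attack_success_probability` and `simulate` are constructed names.

```python
from fractions import Fraction

PIN_SPACE = 10_000    # a 4-digit PIN, as discussed in the thread
MAX_FAILURES = 3      # consecutive wrong PINs that lock the card (assumed)


class Card:
    """Constructed model: a fail counter that locks the card for good and is reset by every correct PIN."""

    def __init__(self, pin: int):
        self._pin = pin
        self.failures = 0
        self.locked = False

    def verify(self, candidate: int) -> bool:
        if self.locked:
            return False
        if candidate == self._pin:
            self.failures = 0          # the reset NdK's argument relies on
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False


def attack_success_probability(years, owner_uses_per_day, guesses_per_reset):
    """Exact success probability for an attacker who gets the card back after each
    owner use and tries `guesses_per_reset` never-repeated PINs. Trying MAX_FAILURES
    or more per reset locks the card, leaving MAX_FAILURES guesses in total (no-reset baseline)."""
    if guesses_per_reset >= MAX_FAILURES:
        total = MAX_FAILURES
    else:
        total = years * 365 * owner_uses_per_day * guesses_per_reset
    return min(Fraction(total, PIN_SPACE), Fraction(1))


def simulate(pin, years, owner_uses_per_day, guesses_per_reset):
    """Drive the Card model with an exhaustive attacker interleaved with the
    owner's correct entries; returns (found, guesses_made, card_locked)."""
    card = Card(pin)
    candidates = iter(range(PIN_SPACE))
    guesses = 0
    for _ in range(years * 365 * owner_uses_per_day):
        card.verify(pin)                       # owner's use resets the counter
        for _ in range(guesses_per_reset):
            guesses += 1
            if card.verify(next(candidates)):
                return True, guesses, card.locked
            if card.locked:
                return False, guesses, True
    return False, guesses, card.locked
```

With two owner uses a day and two guesses after each, the attacker covers 7300 of 10000 PINs over five years; with no reset (or three guesses per batch) the card locks after three attempts, and the chance stays at 3 in 10000.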


Re: Changing PINs of German bank card

2017-07-11 Thread Binarus
On 10.07.2017 17:42, Guan Xin wrote:
> This is probably a general question --
> 
> I have never seen a German bank that allows changing the PIN of a card.

I am not sure if this is an intentional limitation of the cards (to
prevent users from choosing idiotic pins like 1234 or their birthday).

> So I wonder if it is because using a fixed (non-changeable) 4-digit PIN
> mailed in clear text really safer than using a 4 to 6 digit variable
> length PIN that never explicitly appears anywhere.

I recently had a talk with one of my banks because they didn't even
allow changing the web password (for access to online banking) to
something longer than 5 alphanumeric digits (!!!).

Although (in my case) the subject of the talk was the web password, the
following applies to the card pin as well.

- Usually, you receive the card's pin by postal mail. It is the
consensus here in Germany that postal mail is highly trustworthy and
that the so called "Briefgeheimnis" is obeyed very carefully. The legal
hurdles for opening a letter during transport are still very high.

- Additionally, you usually receive the pins in a special envelope
which (AFAIK) makes it very difficult to read the letter's content
without opening it, even by advanced means (X-ray and the like). In many
cases, the pin is secured even further (metal coating).

I (personally) consider receiving pins that way safe.

But the key point in the bank's argumentation was (applies to pins as
well as to my online banking access):

- If somebody tries to brute force the pin (or online banking password),
the access will be permanently denied if there are more than 3 failures
(the exact number may vary). That means that the length of the pin /
password is not as important as one might think, because it is
practically impossible to brute force a 4 digit pin with only 3 tries.

I know that the chance of guessing 4 digits within 3 tries is higher
than that of guessing 6 digits, but obviously, most banks consider 4
digits safe enough.

Furthermore, if you are really hacked and lose money because of this,
the bank will compensate your loss provided that you did not behave like
an idiot (i.e. if you did not note the pin on a piece of paper, attach
that piece of paper to your card and then lose both of them). At least,
they did so in all cases I know about, despite the fact that the
respective customer (of course) could not *prove* at a technical level
how the hacking worked. As long as the customer could demonstrate
credibly that he had not made any very silly mistake, the bank compensated.

For all the reasons mentioned above, I (personally) think that you should
not be concerned about the length of the pin, the fact that you can't
change it, or the way you receive it.

> If German banks are right, then should I follow their method and store
> the PINs of my OpenPGP cards on a piece of paper?

Now, this is a completely different question which does not have
anything to do with the pin's length. The answer to this question completely
depends on your environment and your intentions. I will explain this by
two examples with contrary conclusions:

Example 1:

You always forget the pin of your EC card. Therefore, you write it down
on a piece of paper and put it into your wallet beside your EC card.

Well, as said above, this obviously would be the most silly thing you
could do. No bank will compensate you if you lose your wallet (with the
card and its pin) and if somebody then steals your money.

So you think about it and come to a better idea. You could store the pin
on your smart phone. This indeed is better - hopefully you won't lose
your smart phone and your banking card at the same time. But there is
still a small chance that you do.

You think again and finally have a good idea. You install a password
safe app on your smart phone which locally stores all pins and passwords
with strong encryption. You operate that app with great discipline: You
choose a long, weird master password which you must enter to open the
password safe where the pin is stored. You open the safe only when
needed, and you close it immediately when done, and you don't let the
app (or OS) cache the master password.

(Note: Of course, you MUST NOT write the master password on a piece of
paper and attach that paper to your smart phone ...)

So, in this example, carrying a piece of paper with you where the pin is
noted is a very bad idea, but carrying that pin with you on your smart
phone is a good idea provided that the pin is stored there in a heavily
encrypted password safe and provided that you operate that safe with
some discipline. You still have to memorize that safe's master password,
but this is a one time thing, and you then could store all other
passwords and pins in that safe.

Example 2:

On your desktop PC, you are using the internet excessively, and you are
afraid that some Trojan horse / keylogger will be able to get on your PC
(given the latest ransomware attacks, this