Allen wrote:
During the transmission from an ATM machine 4 numeric characters are probably safe because the machines use dedicated dry pair phone lines for the most part, as I understand the system. This, combined with triple DES, makes it very difficult to compromise or do a MIM attack because one can not just tap into the lines remotely.
We are in agreement. Even short PINs could be safe in a bank-side authenticated (no MITM) SSL connection with 128-bit encryption. What's also needed is to block multiple attempts after 3 or 4 tries, in both the ATM and the SSL online scenarios.
Cheers, Ed Gerck --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
