Re: Changing PINs of German bank card

2017-07-15 Thread Binarus


On 15.07.2017 11:17, Andy Ruddock wrote:
> Just as a point of interest
> 
>> I am not sure if this is an intentional limitation of the cards (to
>> prevent users from choosing idiotic pins like 1234 or their birthday).
> 
> I know of somebody who had 1234 issued as their PIN for a UK bank
> account (it IS as random a selection as any other 4-digit number).
 

Yes, in a mathematical sense. Taking the human factor into account, that person 
has been very unlucky.

If you are interested in the details, please refer to my post from 2017-07-12 
08:09.

Regards,

Binarus



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Changing PINs of German bank card

2017-07-15 Thread Binarus
On 15.07.2017 16:40, MFPA wrote:
> 
> 
> On Thursday 13 July 2017 at 7:18:41 AM, in
> , Binarus wrote:-
> 
> 
>> I don't think so. Banking chip cards contain mechanisms for local PIN
>> verification. You can see that an ATM (or the card) immediately decides
>> if the PIN is correct or not even if the ATM's network connection is
>> failing at that moment.
> 
>> Banking chip cards furthermore contain a processor and software for
>> cryptographic operations, so that the endless capabilities of modern
>> cryptography are at hand. Think of asymmetric methods like RSA ...
> 
> All of which is irrelevant for online transactions. On the shopping
> website, the customer keys in the long card number, the PIN, and the
> last three digits from the signature strip. The chip on the card is
> not involved.
> 
> 

If a website tried to query my EC card's PIN, I would go to the police.

Maybe the situation might be different in other countries, but I have never 
entered any card number into a shopping website with the following exception: 
If paying via credit card (VISA and the like), the website queries the credit 
card's number (I think this is what you mean by "long number"), and *may* query 
additional three digits from a number which is on the back side of the card 
(near the signature strip, as you described).

Customers here in Germany can activate additional security for VISA cards (I 
don't know about other ones): If this is enabled, you have to enter an 
additional TAN (*NOT* PIN) besides the credit card number and the three digits 
when doing the payment. The TAN will be sent to your mobile phone. Perhaps that 
is what you were referring to?

I know that there are combinations of credit and EC cards. In this case, the 
card *will* have a chip integrated (at least the newer ones). But even then, a 
shopping website must not ask for the PIN (which is only related to the EC card 
part). After all, you can't pay anything on a shopping website directly by EC 
cards (or the EC card part of a combined credit and EC card). At least, I never 
saw such a thing here in Germany (and I am doing a lot of online shopping).

The reason for the latter is that the PIN should *never* be transferred or be 
known in clear by any party (besides yourself and perhaps your bank, but see my 
previous posts for my opinion about that). The only method to pay by EC card 
would be using a certified card reader (which handles the payment safety 
independently from your PC). But since no consumer is ready to pay a lot of 
money for such a card reader, that payment option just does not exist when 
shopping online (at least, not here).

Regards,

Binarus





Re: Changing PINs of German bank card

2017-07-15 Thread Binarus
On 15.07.2017 12:36, MFPA wrote:
> 
> 
> On Wednesday 12 July 2017 at 11:01:35 AM, in
> , Binarus wrote:-
> 
> 
>> As far as I know, no bank will be able to tell you your PIN if you have
>> forgotten it
> 
> They can in the UK. For example, see
> 
> and
> .
> 

That is interesting. I wouldn't have expected that. Perhaps somebody who is 
deeper into cryptography than I am could comment on whether it is dangerous.

And perhaps somebody who has accounts with multiple German banks could tell us 
if this is possible with one of his banks as well? I have all my accounts 
with the same bank ...

Regards,

Binarus


 



Re: Changing PINs of German bank card

2017-07-15 Thread Andrew Gallagher

> On 15 Jul 2017, at 15:40, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> 
> wrote:
> 
> On the shopping
> website, the customer keys in the long card number, the PIN, and the
> last three digits from the signature strip. The chip on the card is
> not involved.

No, the chip on the card is not involved. So no website should *ever* ask you 
for your PIN. Run away!

Andrew. 



gpg-agent/pinentry: How to verify calling application

2017-07-15 Thread Hartmut Knaack
Hi,
on my machine running Linux and a recent KDE/Plasma, pinentry-qt
occasionally starts right after logging in and asks for my passphrase.
Is there any way to track down which process asks gpg-agent for my private
key? Preferably, I would like pinentry to inform me which process actually is
the source of the key request.
Thanks

Hartmut




Re: Changing PINs of German bank card

2017-07-15 Thread Brad Rogers
On Sat, 15 Jul 2017 15:40:25 +0100
MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> wrote:

Hello MFPA,

>All of which is irrelevant for online transactions. On the shopping
>website, the customer keys in the long card number, the PIN, and the

Entered a card *PIN* into a shopping web site?  Really?

Card no. CVV & expiry date.

-- 
 Regards  _
         / )      "The blindingly obvious is
        / _)rad   never immediately apparent"
It's the age of destruction, in a world of corruption
Neuromancer - Billy Idol




Re: Changing PINs of German bank card

2017-07-15 Thread MFPA



On Thursday 13 July 2017 at 7:18:41 AM, in
, Binarus wrote:-


> I don't think so. Banking chip cards contain mechanisms for local PIN
> verification. You can see that an ATM (or the card) immediately decides
> if the PIN is correct or not even if the ATM's network connection is
> failing at that moment.

> Banking chip cards furthermore contain a processor and software for
> cryptographic operations, so that the endless capabilities of modern
> cryptography are at hand. Think of asymmetric methods like RSA ...

All of which is irrelevant for online transactions. On the shopping
website, the customer keys in the long card number, the PIN, and the
last three digits from the signature strip. The chip on the card is
not involved.

-- 
Best regards

MFPA  

Eat well, stay fit - Die anyway


Re: Changing PINs of German bank card

2017-07-15 Thread Matthias Apitz
On Saturday, 15 July 2017 11:17:18 CEST, Andy Ruddock wrote:
> Just as a point of interest
> 
>> I am not sure if this is an intentional limitation of the cards (to
>> prevent users from choosing idiotic pins like 1234 or their birthday).
> 
> I know of somebody who had 1234 issued as their PIN for a UK bank
> account (it IS as random a selection as any other 4-digit number).

One of every 10.000 will get this number, you need only luck to get to know 
someone, as you had.


matthias



--
Sent from my Ubuntu phone
http://www.unixarea.de/



Re: Changing PINs of German bank card

2017-07-15 Thread Andy Ruddock
Just as a point of interest

> I am not sure if this is an intentional limitation of the cards (to
> prevent users from choosing idiotic pins like 1234 or their birthday).

I know of somebody who had 1234 issued as their PIN for a UK bank
account (it IS as random a selection as any other 4-digit number).

-- 
Andy Ruddock

andy.rudd...@rainydayz.org (OpenPGP Key ID 0xB0324245)





Re: Changing PINs of German bank card

2017-07-15 Thread MFPA



On Wednesday 12 July 2017 at 11:10:12 AM, in
, Peter
Lebbing wrote:-


> Also, back when you could do payments with the magstripe (which, AFAIK,
> can still be done in some countries, using your Dutch bank card, if you
> allow it), the PIN necessarily went to the bank, there was no way for a
> check by the chip in the card.

Same applies with online shopping.


-- 
Best regards

MFPA  

Rose rose to put rose roes on her rows of roses.


Re: Changing PINs of German bank card

2017-07-15 Thread MFPA



On Wednesday 12 July 2017 at 11:01:35 AM, in
, Binarus wrote:-


> As far as I know, no bank will be able to tell you your PIN if you have
> forgotten it

They can in the UK. For example, see

and
.


-- 
Best regards

MFPA  

I would like to help you out. Which way did you come in?