Weighing Down "The Unbearable Lightness of PIN Cracking"

Weighing Down “The Unbearable Lightness of PIN Cracking” (Extended Version)⋆

Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. A randomly generated salt value of adequate length (e.g. 128-bit) is stored on a bank card in plaintext, and in an encrypted form at a verification facility under a bank-chosen salt key. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Tra...

The Unbearable Lightness of PIN Cracking

We describe new attacks on the financial PIN processing API. The attacks apply to switches as well as to verification facilities. The attacks are extremely severe allowing an attacker to expose customer PINs by executing only one or two API calls per exposed PIN. One of the attacks uses only the translate function which is a required function in every switch. The other attacks abuse functions t...

Existential Investigation: The Unbearable Lightness of Being and History

The Unbearable Lightness of Distributed Programming: A Survivor's Guide

The Unbearable Lightness of Regulatory Costs

The Article counters the presumption that increased environmental regulation necessarily decreases economic prosperity. It analyzes the European chemical regulatory structure and deduces that any costs imposed on the consumer are minimal, and more cost effective than watered-down American regulations covering the same subject matter with approximately the same cost imposed on the consumer-taxpa...