Wikipedia:Reference desk/Archives/Computing/2016 November 28

Computing desk
< November 27	<< Oct | November | Dec >>	November 29 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

November 28

ATM PIN security

Strong computer passwords should have letters numbers and symbols. The longer the better. ATM PIN protects life savings. More important than computer accounts. So why ATM PIN can only 4 to 6 numbers? Should be easy for smart people to hack. But never see ATM PIN hacking case in the news. PIN is stored in the card or the ATM server? --Curious Cat On Her Last Life (talk) 02:35, 28 November 2016 (UTC)[reply]

First, to steal someone's savings through an ATM, a crook needs their card (or a copy of it) and their PIN. That's two-factor authentication and explains why the precautions for a strong password are not so important with an ATM PIN.

Second, even if they have both the PIN and the card, the banks will limit the amount of money that can be withdrawn in per day. This means that the crook does not have access to the victim's whole "life savings", unless the victim remains unaware of the crime for an extended period (or doesn't have much money to steal anyway), or unless the crook also is able to use a method of hacking that works around the limit, as Andrew Stone did.

And no, the PIN is not stored on the card.

--76.71.5.45 (talk) 05:04, 28 November 2016 (UTC)[reply]

Also I believe it's standard practice to lock out the card after a certain number of failed PIN entries, to deter brute-forcing. Another dimension to the issue: though it varies, a fraudulent transaction will often be reversed by a financial institution if it's reported by the account holder in due time. Financial institutions carry insurance against losses, including fraudulent transactions. If there were a huge problem with fraudulent use of PINs, financial institutions would have already done something about it, because it would result in costs to them. Really, every security measure is about a balance of trade-offs: increased security versus the costs associated with the measure ("cost" in this sense meaning not just financial costs, but things like inconvenience). --47.138.163.230 (talk) 09:58, 28 November 2016 (UTC)[reply]

With Chip and PIN the PIN is stored in encrypted form on the card. See this for one example saying this.--Phil Holmes (talk) 11:33, 28 November 2016 (UTC)[reply]

Where does it say that? I see an answer that says "It also stores the card number and a hash of the PIN." -- Finlay McWalter··–·Talk 12:33, 28 November 2016 (UTC)[reply]

Is a hash of the PIN not the PIN in an encrypted form? I also only gave this as one example of where it is said that the PIN is stored on the card. Other places say that this also allows C&P verification to be performed offline.--Phil Holmes (talk) 13:55, 28 November 2016 (UTC)[reply]

Calling it "encryption" is at best an unfortunate wording, implying there could be "decryption", which there can't. What they surely store is a hash of the (PIN+unique salt), to prevent someone who had extracted the hash data from the chip from using a rainbow table to brute-force the clear PIN. An offline reader can read the salt (which isn't secret), compose it with the PIN, and calculate the hash. If the hashes compare, the PIN is correct - but, because the card doesn't really store the PIN, there is no way a reader could know, for example, which digit was mistyped. Given the tiny size of the PIN keyspace, surely the salt is much bigger than the PIN. -- Finlay McWalter··–·Talk 14:18, 28 November 2016 (UTC)[reply]

Actually, I should correct that - the PIN verification is done by the crypto processor on the card itself - the terminal sends it the PIN and the card itself does the hash verification and simply returns a success/fail code to the terminal. I think that the exchange of the PIN between the terminal and the card is encrypted (on a session created with public key cryptography between the card and the terminal) so the clear PIN isn't transmitted in plain between the two (over the relatively vulnerable ISO/IEC 7816 physical connector). -- Finlay McWalter··–·Talk 14:26, 28 November 2016 (UTC)[reply]

What they surely store is a hash of the (PIN+unique salt)... An offline reader can read the salt (which isn't secret)... - Huh? If Mallory can read ${\displaystyle S}$  and ${\displaystyle H(S,pin)}$  offline, and the hash function is a (known) part of the protocol, they can easily brute-force the pin since the search space is so small. I am not sure, even having read the links, but I suspect either (1) there is another ingredient in the hash, for example a public cryptographic key whose private counterpart is in the bank's servers a second salt that is stored in the bank's server but not in the card, or (2) hardware security prevents direct access to those (i.e. the chip requires you to follow the interrogation protocol, which fries the card at 3 unsuccessful attempts). My money would be on option #1. Tigraan^{Click here to contact me} 15:27, 28 November 2016 (UTC)[reply]

(2) is certainly true - the card will lock itself if multiple tries are attempted. And it has various layers of tamper-resistance, wherein attempts to debond it or drill into it will cause it to destroy itself permanently. -- Finlay McWalter··–·Talk 15:42, 28 November 2016 (UTC)[reply]

The links say that the card should suicide if accessed improperly, so in that sense, (2) is true; in the context here, I meant "effectively, the pin is stored, but there are physical protections around it". I hope this is not the only line of defense (especially since there is an easy cryptographic way to add a bit of security; I simplified my proposition above). Of course, that is by no way a proof and security has been botched numerous times, but still. Tigraan^{Click here to contact me} 15:55, 28 November 2016 (UTC)[reply]

On 47's point, the fraudulent transactions are a problem, but not in the form the OP envisages. The biggest problem is skimming, where the card is read and PIN entry recorded and a cloned card is used. This causes problems for financial institutions so there are efforts to counter it but increasing PIN length isn't one thing that's going to help. While it can be annoying to some customers and can cause some temporarily loss of money and the effects thereof, it doesn't generally result in the loss of life savings even for very poor people for the simple reason the money will be returned by the financial institution. Less common but with stolen wallets etc, there can be a problem with people writing down their PINs and storing this with the card. However increasing PIN length is if anything going to make this more likely. There are also cases where people are forced to give up the PIN, PIN length isedit: isn't going to help here. Finally you have the small number of cases where the PIN is simply guessed due to some knowledge of what the person is likely to choose. Increasing length may help with this but since it's such a minor concern (remember brute forcing is limited to very few tries) edit: it's not likely to be forced. Nil Einne (talk) 12:30, 28 November 2016 (UTC)[reply]

So why ATM PIN can only 4 to 6 numbers?
From the Personal identification number article: "The inventor of the ATM ... had at first envisioned a six-digit numeric code, but his wife could only remember four digits, and that has become the most commonly used length...". The PIN management standard ISO 9564-1 allows for up to 12 digits (noting that longer PINs are more secure but harder to use), but I don't know if any bank actually allows that many. Mitch Ames (talk) 11:46, 28 November 2016 (UTC)[reply]

An observation: Some friends were discussing this very topic a couple of years ago, and we all had 4 digit PINs, comprised of 3 different digits. I received a new PIN last week and there is still a repeated digit. I don't know how that affects security. --TrogWoolley (talk) 12:13, 28 November 2016 (UTC)[reply]

Some banks allow you to change your PIN to be longer than the typical 4 digits. One of my friends did this several years ago. At the time, I was surprised that it was even possible, but apparently it is an option. For what it is worth, my bank now defaults to a 6-digit PIN. Dragons flight (talk) 12:33, 28 November 2016 (UTC)[reply]

Some friends were discussing this very topic ... we all had 4 digit PINs, comprised of 3 different digits. ... I don't know how that affects security
Disclosing some information about your PIN to your friends (or anyone else) increases the probability that they could guess or shoulder surf your PIN, so it decreases your security. Mitch Ames (talk) 13:04, 28 November 2016 (UTC)[reply]

4 digit PINs, comprised of 3 different digits. ... a repeated digit.
Given a random 4-digit PIN there's about a 50% probability of it having at least one duplicate digit, ie not 4 different digits. Four digits gives 10,000 total combinations. There are only 10*9*8*7 = 5,040 combinations with all 4 digits different. (10 possible values for 1st digit, 9 possible values for 2nd because you can't re-use the first, 8 for 3rd digit because you can't re-use the first 2, ...) Mitch Ames (talk) 13:24, 28 November 2016 (UTC)[reply]

• In the specific case where a person knows what digits are in your PIN, but not the order, then a PIN with one repeating digit is more secure. This isn't a big deal for bank cards, but it can make a difference for alarms and security systems where an attacker can look for fingerprints or wear on the buttons. If your PIN number consists of four numerals, 1,2,3,4, there are 4*3*2*1 = 24 permutations (1234, 1243, 1423, 1432 and so on). If it consists of three numerals, 1,2,3, but one is duplicated, there are 36 permutations: 12 of the form 1,1,2,3, 12 like 1,2,2,3 and 12 like 1,2,3,3. This means that it should take an attacker 50% longer on average to crack the code by brute force. Two duplicate numerals however make you less safe - you only have 14 permutations (4 like 1,1,1,2, 6 like 1,1,2,2, and 4 like 1,2,2,2). If all your digits are the same, change your PIN! Smurrayinchester 09:51, 30 November 2016 (UTC)[reply]

It's enough. To "brute-force" a PIN, you're going to have to stand there for a long time. Hundreds of tries per card, probably. That's a lot of tries - odds are someone will notice you at the cash machine or the bank software will lock you out. Even a three-digit PIN would be "pretty" secure unless had hundreds of stolen cards you were going to try. People are forgetful and really need cash in emergencies - you need to balance something everyone can remember with something that's secure enough. If PINs were ten digits, you know people would write down the code in their wallet and it would be right next to the card when someone snatches your wallet. Also, the longer the code, the longer the queue at the cash machine. Blythwood (talk) 21:41, 29 November 2016 (UTC)[reply]