{"id":13254,"date":"2021-12-08T20:13:06","date_gmt":"2021-12-09T01:13:06","guid":{"rendered":"https:\/\/carleton.ca\/scs\/?page_id=13254"},"modified":"2021-12-08T20:13:06","modified_gmt":"2021-12-09T01:13:06","slug":"tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version","status":"publish","type":"page","link":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/","title":{"rendered":"TR-08-08: Weighing Down &#8220;The Unbearable Lightness of PIN Cracking&#8221; (Extended Version)"},"content":{"rendered":"<p>Carleton University<br \/>\n<a href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/\">Technical Report<\/a> TR-08-08<br \/>\nApril 29, 2008<\/p>\n<h2>Weighing Down &#8220;The Unbearable Lightness of PIN Cracking&#8221; (Extended Version)<\/h2>\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<div class=\"tr_t3\">\n<p class=\"tr_t3\">Mohammad Mannan &amp; Paul Van Oorschot<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<div>\n<h3>Abstract<\/h3>\n<p>Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. A randomly generated salt value of adequate length (e.g. 128-bit) is stored on a bank card in plaintext, and in an encrypted form at a verification facility under a bank-chosen salt key. Instead of sending the regular user PIN, salted-PIN requires an ATM to generate a Transport Final PIN from a user PIN, account number, and the salt value (stored on the bank card) through, e.g., a pseudo-random function. We explore different attacks on this solution, and propose three variants of salted-PIN that can protect against known attacks. Depending on the solution variation, attacks at a malicious intermediate switch now may only reveal the Transport Final PIN; both the user PIN and salt value remain beyond the reach of an attacker&#8217;s switch. Salted-PIN requires modifications to service points (e.g. ATM, point-of-sale), issuer\/verification facilities, and bank cards; however, changes to intermediate switches are not required.<\/p>\n<p><a href=\"https:\/\/carleton.ca\/scs\/wp-content\/uploads\/TR-08-08-Mannan.pdf\">TR-08-08.pdf<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Carleton University Technical Report TR-08-08 April 29, 2008 Weighing Down &#8220;The Unbearable Lightness of PIN Cracking&#8221; (Extended Version) Mohammad Mannan &amp; Paul Van Oorschot Abstract Responding to the PIN cracking attacks from Berkman and Ostrovsky (FC 2007), we outline a simple solution called salted-PIN. A randomly generated salt value of adequate length (e.g. 128-bit) is [&hellip;]<\/p>\n","protected":false},"author":49,"featured_media":0,"parent":12410,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_mi_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TR-08-08: Weighing Down &quot;The Unbearable Lightness of PIN Cracking&#039;&#039; (Extended Version) - School of Computer Science<\/title>\n<meta name=\"description\" content=\"Carleton University Technical Report TR-08-08 April 29, 2008 Weighing Down &quot;The Unbearable Lightness of PIN Cracking&#039;&#039; (Extended Version) Mohammad\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/\",\"url\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/\",\"name\":\"TR-08-08: Weighing Down \\\"The Unbearable Lightness of PIN Cracking'' (Extended Version) - School of Computer Science\",\"isPartOf\":{\"@id\":\"https:\/\/carleton.ca\/scs\/#website\"},\"datePublished\":\"2021-12-09T01:13:06+00:00\",\"dateModified\":\"2021-12-09T01:13:06+00:00\",\"description\":\"Carleton University Technical Report TR-08-08 April 29, 2008 Weighing Down \\\"The Unbearable Lightness of PIN Cracking'' (Extended Version) Mohammad\",\"breadcrumb\":{\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/carleton.ca\/scs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Research\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SCS Technical Reports\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Technical Reports 2008\",\"item\":\"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"TR-08-08: Weighing Down &#8220;The Unbearable Lightness of PIN Cracking&#8221; (Extended Version)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/carleton.ca\/scs\/#website\",\"url\":\"https:\/\/carleton.ca\/scs\/\",\"name\":\"School of Computer Science\",\"description\":\"Carleton University\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/carleton.ca\/scs\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TR-08-08: Weighing Down \"The Unbearable Lightness of PIN Cracking'' (Extended Version) - School of Computer Science","description":"Carleton University Technical Report TR-08-08 April 29, 2008 Weighing Down \"The Unbearable Lightness of PIN Cracking'' (Extended Version) Mohammad","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/","url":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/","name":"TR-08-08: Weighing Down \"The Unbearable Lightness of PIN Cracking'' (Extended Version) - School of Computer Science","isPartOf":{"@id":"https:\/\/carleton.ca\/scs\/#website"},"datePublished":"2021-12-09T01:13:06+00:00","dateModified":"2021-12-09T01:13:06+00:00","description":"Carleton University Technical Report TR-08-08 April 29, 2008 Weighing Down \"The Unbearable Lightness of PIN Cracking'' (Extended Version) Mohammad","breadcrumb":{"@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/tr-08-08-weighing-down-the-unbearable-lightness-of-pin-cracking-extended-version\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/carleton.ca\/scs\/"},{"@type":"ListItem","position":2,"name":"Research","item":"https:\/\/carleton.ca\/scs\/research\/"},{"@type":"ListItem","position":3,"name":"SCS Technical Reports","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/"},{"@type":"ListItem","position":4,"name":"Technical Reports 2008","item":"https:\/\/carleton.ca\/scs\/research\/scs-technical-reports\/technical-reports-2008\/"},{"@type":"ListItem","position":5,"name":"TR-08-08: Weighing Down &#8220;The Unbearable Lightness of PIN Cracking&#8221; (Extended Version)"}]},{"@type":"WebSite","@id":"https:\/\/carleton.ca\/scs\/#website","url":"https:\/\/carleton.ca\/scs\/","name":"School of Computer Science","description":"Carleton University","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/carleton.ca\/scs\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"acf":{"banner_image_type":"none","banner_button":"no"},"_links":{"self":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13254"}],"collection":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/users\/49"}],"replies":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/comments?post=13254"}],"version-history":[{"count":1,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13254\/revisions"}],"predecessor-version":[{"id":13255,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/13254\/revisions\/13255"}],"up":[{"embeddable":true,"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/pages\/12410"}],"wp:attachment":[{"href":"https:\/\/carleton.ca\/scs\/wp-json\/wp\/v2\/media?parent=13254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}