pointertovoid Posted December 16, 2016 Posted December 16, 2016 Hello everybody! You may know (but are welcome to ignore) that France has already had trouble with the security of bank chip cards. Well, it didn't really improve, whatever the reason is. In 1984, the bank card association chooses an RSA key length of 320 bits, far too little. Whether the government interfered it everyone's guess. In 1988, academic experts warn that the key is too short. Neither the association nor the government react. Additionally, the symmetric encryption has a 56-bit key: too short as well, broken efficiently in 1998. In 1998, the factorization record is 430 bits, but the association hasn't moved. An enthusiast, Serge Humpich, factors the 320-bit key of the French bank cards association, and shows the association that he can forge bank cards that would be usable for bad purposes. The French state jails Mr. Humpich and censors the Press about it, as if the real enemies had needed newspapers to know the weakness, but makes no serious technical decision. Presently (end 2016), the RSA key length is 768 bits on French bank cards, waooo. When this was decided, the factorization record was 512 bits, and experts warned not to stay too long with 1024-bit keys. The present factorization record is 768 bits toohttps://en.wikipedia.org/wiki/RSA_numbers#RSA-768 and once a big machine has factored the association's key, any fake bank card can use the factors. Well done again!
dencorso Posted December 16, 2016 Posted December 16, 2016 So? AFAIK, Serge_Humpich has since moved on, and nowadays works on IT, in France.
pointertovoid Posted December 18, 2016 Author Posted December 18, 2016 The point is that the French bank card association could slowly begin to imagine to give a thought at the possibility of conceiving the project of picking a longer key. Unless, of course, they want to run into trouble again.
Tarun Posted January 4, 2017 Posted January 4, 2017 I'd really like to see this credit card that has an authenticator take off worldwide. https://forums.lunarsoft.net/topic/6349-new-credit-card-that-acts-like-an-authenticator/
Tripredacus Posted January 5, 2017 Posted January 5, 2017 We have the ability to reduce fraud in the US now, but it isn't being used. It was introduced, some time last year, with a big push to have chip readers. This is said to combat against people who could clone magnetic strips, but the implementation is not being used properly. This is a proper 2FA type system but the credit card companies are only using it for one factor vs the other. Now it is they either read the strip or read the chip (neither of which are secure) but it should be reading from both. I think I'd rather see the current technology used properly first before seeing if we need to roll out even newer things.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now