Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
pointertovoid

Bank card security in France

Recommended Posts

Hello everybody!

You may know (but are welcome to ignore) that France has already had trouble with the security of bank chip cards. Well, it didn't really improve, whatever the reason is.

In 1984, the bank card association chooses an RSA key length of 320 bits, far too little. Whether the government interfered it everyone's guess.

In 1988, academic experts warn that the key is too short. Neither the association nor the government react.
Additionally, the symmetric encryption has a 56-bit key: too short as well, broken efficiently in 1998.

In 1998, the factorization record is 430 bits, but the association hasn't moved. An enthusiast, Serge Humpich, factors the 320-bit key of the French bank cards association, and shows the association that he can forge bank cards that would be usable for bad purposes. The French state jails Mr. Humpich and censors the Press about it, as if the real enemies had needed newspapers to know the weakness, but makes no serious technical decision.

Presently (end 2016), the RSA key length is 768 bits on French bank cards, waooo. When this was decided, the factorization record was 512 bits, and experts warned not to stay too long with 1024-bit keys.

The present factorization record is 768 bits too
https://en.wikipedia.org/wiki/RSA_numbers#RSA-768
and once a big machine has factored the association's key, any fake bank card can use the factors.

Well done again!

Share this post


Link to post
Share on other sites

So? AFAIK, Serge_Humpich has since moved on, and nowadays works on IT, in France.

Share this post


Link to post
Share on other sites

The point is that the French bank card association could slowly begin to imagine to give a thought at the possibility of conceiving the project of picking a longer key.

Unless, of course, they want to run into trouble again.

Share this post


Link to post
Share on other sites

We have the ability to reduce fraud in the US now, but it isn't being used. It was introduced, some time last year, with a big push to have chip readers. This is said to combat against people who could clone magnetic strips, but the implementation is not being used properly. This is a proper 2FA type system but the credit card companies are only using it for one factor vs the other. Now it is they either read the strip or read the chip (neither of which are secure) but it should be reading from both. I think I'd rather see the current technology used properly first before seeing if we need to roll out even newer things.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×