pointertovoid Posted December 16, 2016 Share Posted December 16, 2016 Hello everybody! You may know (but are welcome to ignore) that France has already had trouble with the security of bank chip cards. Well, it didn't really improve, whatever the reason is. In 1984, the bank card association chooses an RSA key length of 320 bits, far too little. Whether the government interfered it everyone's guess. In 1988, academic experts warn that the key is too short. Neither the association nor the government react. Additionally, the symmetric encryption has a 56-bit key: too short as well, broken efficiently in 1998. In 1998, the factorization record is 430 bits, but the association hasn't moved. An enthusiast, Serge Humpich, factors the 320-bit key of the French bank cards association, and shows the association that he can forge bank cards that would be usable for bad purposes. The French state jails Mr. Humpich and censors the Press about it, as if the real enemies had needed newspapers to know the weakness, but makes no serious technical decision. Presently (end 2016), the RSA key length is 768 bits on French bank cards, waooo. When this was decided, the factorization record was 512 bits, and experts warned not to stay too long with 1024-bit keys. The present factorization record is 768 bits toohttps://en.wikipedia.org/wiki/RSA_numbers#RSA-768 and once a big machine has factored the association's key, any fake bank card can use the factors. Well done again! Link to comment Share on other sites More sharing options...
jaclaz Posted December 16, 2016 Share Posted December 16, 2016 And the point is? jaclaz Link to comment Share on other sites More sharing options...
dencorso Posted December 16, 2016 Share Posted December 16, 2016 So? AFAIK, Serge_Humpich has since moved on, and nowadays works on IT, in France. Link to comment Share on other sites More sharing options...
pointertovoid Posted December 18, 2016 Author Share Posted December 18, 2016 The point is that the French bank card association could slowly begin to imagine to give a thought at the possibility of conceiving the project of picking a longer key. Unless, of course, they want to run into trouble again. Link to comment Share on other sites More sharing options...
Tarun Posted January 4, 2017 Share Posted January 4, 2017 I'd really like to see this credit card that has an authenticator take off worldwide. https://forums.lunarsoft.net/topic/6349-new-credit-card-that-acts-like-an-authenticator/ Link to comment Share on other sites More sharing options...
Tripredacus Posted January 5, 2017 Share Posted January 5, 2017 We have the ability to reduce fraud in the US now, but it isn't being used. It was introduced, some time last year, with a big push to have chip readers. This is said to combat against people who could clone magnetic strips, but the implementation is not being used properly. This is a proper 2FA type system but the credit card companies are only using it for one factor vs the other. Now it is they either read the strip or read the chip (neither of which are secure) but it should be reading from both. I think I'd rather see the current technology used properly first before seeing if we need to roll out even newer things. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now