From: Nick Hilliard (nick at domain netability.ie)
Date: Mon 18 Jun 2001 - 16:04:19 IST
> What are the weak points?
Firstly, your key size is probably going to be small. If you're using a 4
digit pin on a hex keypad, then there will be just 65536 possible
combinations for your password. If it's restricted to digits only, then
you're talking about just 10K combinations. This is certainly a weak link,
which would allow pretty much anyone with a crypted password list to do a
complete BF&I password scan pretty quickly.
> Is there anything wrong with using XOR assuming
> your PINs are nicely random?
XOR is not secure. There are reversible encryption mechanisms available on
the net which are much, much better. But if you're stuck with such limited
pins, it may not make much of a difference.
Nick
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:43 GMT