Bank chip card security

[Enthalpy]

Hello everybody!

 

You may know (but are welcome to ignore) that France has already had trouble with the security of bank chip cards. Well, it didn't really improve, whatever the reason is.

 

In 1984, the bank card association chooses an RSA key length of 320 bits, far too little. Whether the government interfered it everyone's guess.

 

In 1988, academic experts warn that the key is too short. Neither the association nor the government react.
Additionally, the symmetric encryption has a 56-bit key: too short as well, broken efficiently in 1998.

 

In 1998, the factorization record is 430 bits, but the association hasn't moved. An enthusiast, Serge Humpich, factors the 320-bit key of the French bank cards association, and shows the association that he can forge bank cards that would be usable for bad purposes. The French state jails Mr. Humpich and censors the Press about it, as if the real enemies had needed newspapers to know the weakness, but makes no serious technical decision.

 

Presently (end 2016), the RSA key length is 768 bits on French bank cards, waooo. When this was decided, the factorization record was 512 bits, and experts warned not to stay too long with 1024-bit keys.

 

The present factorization record is 768 bits too

https://en.wikipedia.org/wiki/RSA_numbers#RSA-768

and once a big machine has factored the association's key, any fake bank card can use the factors.

 

Well done again!

[fiveworlds]

any fake bank card can use the factors.​

 

 

But fake bank cards will not be in the bank's database. They will need to make a copy of a real active bank card. If you try to use a fake card 99.9% of the time it isn't going to work just like using a cancelled bank card. Also all french bank cards use the chip and pin system. You must know the pin in order to use the card. Failing to get the pin right a number of times will result in the card being cancelled and will most likely get reported to the police.

Edited December 16, 2016 by fiveworlds

[John Cuthber]

According to that wiki page "The CPU time spent on finding these factors by a collection of parallel computers amounted approximately to the equivalent of almost 2000 years of computing on a single-core 2.2 GHz AMD Opteron-based computer"

​How much is the electricity bill for that

There are easier ways to make money. Computer security doesn't need to make it impossible to hack in; it only has to make it pointless.?

[StringJunky]

According to that wiki page "The CPU time spent on finding these factors by a collection of parallel computers amounted approximately to the equivalent of almost 2000 years of computing on a single-core 2.2 GHz AMD Opteron-based computer"

 

​How much is the electricity bill for that

There are easier ways to make money. Computer security doesn't need to make it impossible to hack in; it only has to make it pointless.?

Plus you'll only be given no more than 5 erroneous attempts and the card will be blocked.