Friday, December 27, 2013

Target says PINs stolen, but confident data is secure

I don't think so, based on math and science.
If the crypto algorithm is known and the key is static (the PINs were stolen encrypted under one static key that is not changed dynamically), then using a supercomputer or distributed computing to crack that key will reveal the PINs, won't it?

If the key is dynamic and keeps changing, a new key is issued before the old key is cracked, which makes cracking the old key meaningless and a futile exercise.

How long it takes to crack the key will depend on the key strength and the type of crypto used.
I also wonder where the data was stolen from, e.g. from file folders, from a database, from a backup or from a network link.
I also wonder where the encryption takes place: web encryption, file encryption, database encryption, backup encryption or network link encryption?


The only way to make the PINs safe is to change the PIN now for all customers, so that when the hackers manage to crack the keys months or years later and reveal the PINs, the PINs are no longer of any use.


I also wonder how the hackers managed to penetrate the company's network to steal the PINs. Was the network properly designed, protected and vulnerability tested?

If 2FA (two-factor authentication) is used for access to internet banking, stealing the PIN may cause only limited damage, because even if the correct PIN is used, the second factor, such as the correct OTP or token, must be provided before gaining access to do banking transactions.
A three-try failure lockout on the PIN means hackers cannot try millions of logins to brute-force their way into internet banking, rendering the stolen PIN useless. (Correct or not?)



If the company does all of the below:

web encryption, file encryption, database encryption, backup encryption and network link encryption,

then I agree the PIN will be very safe, because some of the encryption above comes with dynamic key exchange.

If the PIN is also encrypted multiple times over using different crypto algorithms, different key management protocols, different key strengths, and different static and dynamic key exchanges, then even supercomputers and distributed computers will go haywire.
