IBM Crypto Up For Grabs?

An Anonymous Coward writes: "BBC Newsnight have tonight shown an article about a groups of hackers who are about to release details of the vulnerability of the IBM Cryptographical processors. ( Details here.) The BBC article can be watched online here. Alan Cox makes a starring role ;)" windowlicker adds some detail: "Mike Bond and Richard Clayton, from Cambridge University, have cracked IBM's 4758 crytoprocessor running the 'Common Cryptographic Architecture' (CCA). You can do the same with $1000-worth of hardware and the info from here. Many banks use this system for protecting PINs." The video file requires Real software; here's the BBC's article online for those of us without.

RealVideo Coverage

[guru_steve]

I'm watching the video right now, and its taken a bit of time to find out where this segment is on the bbc news.

So, for those of you who don't feel like jumping around the video for this segment, it starts at about 22 minutes in the broadcast.

Re:Only a matter of time

[Black+Acid]

The PIN is four decimal digits = 10,000 combinations ~= somewhere between 13 and 14 bits of security.

For those interested, you can find how many bits a key with x values is using logarithms:

bits = log(x) / log(2), or

bits = d / log(2)

Where d is the number of decimal digits the key is. Therefore, a 4-digit PIN has 4/log(2) or precisely 13.287712379549449391481277717958 bits of cryptographic strength. Not much compared even to weak encryption such as 64-bit DES, or the 56-bit des-ii cracked by d.net.