IBM Crypto Up For Grabs?
An Anonymous Coward writes: "BBC Newsnight have tonight shown an article about a group of hackers who are about to release details of the vulnerability of the IBM Cryptographical processors. (Details here.) The BBC article can be watched online here. Alan Cox makes a starring role ;)" windowlicker adds some detail: "Mike Bond and Richard Clayton, from Cambridge University, have cracked IBM's 4758 cryptoprocessor running the 'Common Cryptographic Architecture' (CCA). You can do the same with $1000-worth of hardware and the info from here. Many banks use this system for protecting PINs." The video file requires Real software; here's the BBC's article online for those of us without.
10,000 combinations ~= somewhere between 13 and 14 bits of security. It is entirely feasible for a quick P4 to encrypt every single PIN within an hour, with time left over to play Unreal Tournament.
But if you read their page about how PIN works it becomes apparent that you still need the derivation key, which is the hard bit to get.
Fake ATMs have been installed in shopping malls, collecting PINs and ATM cards from unsuspecting victims
LOL! Someone did a whole bunch of these in the UK a couple of years ago. Looked and smelled like an ATM, but took the PIN then complained that the card was borked, or something. Easy EASY kill.
because PINless credit card fraud is still so easy.
Exactly. 1e6+1 easier ways of stealing money than opening an ATM with an oxy-acetylene, spending two days cracking it with an FPGA and using all that to hack the bank's comms. Easier to just look over some lamer's shoulder then pick their pocket. Not that I would know. Not at all.
Dave
I write a blog now, you should be afraid.