Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypted PIN Data Taken In Target Breach

Posted by Soulskill on from the now-you're-all-targets dept.

New submitter danlip writes "Target has confirmed that encrypted PIN data was taken during its recent credit card breach. Target doesn't think they can be unencrypted by whoever may have taken them, because the key was never on the breached system. The article has no details on exactly how the PINs were encrypted, but it doesn't seem like it would be hard to brute force them." Another article at Time takes Target to task for its PR doublespeak about the breach.

3 of 213 comments (clear)

  1. We'll know soon by Above · · Score: 5, Funny

    When 25% of the pins encrypt to one string, and 25% to another, we'll know they used a symmetric cipher with a fixed key, and that one batch is "0000" and one is "1234".

  2. Re:3des by CreatureComfort · · Score: 4, Funny

    I think they meant to say the key was stored on somebody's Nintendo 3DS.

    --
    "Unheard of means only it's undreamed of yet,
    Impossible means not yet done." ~~ Julia Ecklar
  3. Re:Time to ask the bank for a new debit card and P by ColdWetDog · · Score: 4, Funny

    I think you can safely assume that when a Slashdot poster talks about a legal problem, a problem with consumer protection or issues with the health care system, they are either talking about the USA or, perhaps, North Korea.

    --
    Faster! Faster! Faster would be better!