Here's a *BRILLIANT* password idea! (Sarcasm on)

[John Moore]

In article <32305 at think.UUCP> barmar at kulla.think.com.UUCP (Barry Margolin) writes:
]In article <10900 at ulysses.homer.nj.att.com> ekrell at hector.UUCP (Eduardo Krell) writes:
]>In article <438 at amanue.UUCP> jr at amanue.UUCP (Jim Rosenberg) writes:
][ATM passwords are 4 digits]
]>I don't know about your bank, but mine will take away your card if you
]>enter the wrong PIN something like 3 or 5 times in a row (the ATM will
]>eat the card).
]
]Even without this, there are other safeguards.  First and foremost,
]the perpetrator needs your card.  Of course, if he has your card he
]doesn't really need to guess your password, since it is encoded on the
]card, so if he knows what he is doing he can simply change it.  If he
]doesn't have your card, but has instead manufactured a forged card, he
]doesn't need your password since he can put whatever password he wants
]on it.
The password is stored on the card encrypted with DES. If you don't know
the key, you can't write a password onto the card AND know what it is.
]
]you would have to stand there typing in passwords.  If you could enter
]a password every second it could take three hours to find a password.
]If the ATM spits out the card after a couple of bad passwords (as I
]think mine does) this could slow you down by an order of magnitude.
Often the ATM will eat the card if it detects a possible security
violation (more than 3 tries at a PIN, etc)
-- 
John Moore (NJ7E)           {decvax, ncar, ihnp4}!noao!nud!anasaz!john
(602) 861-7607 (day or eve) {gatech, ames, rutgers}!ncar!...
The opinions expressed here are obviously not mine, so they must be
someone else's. :-)