Here's a *BRILLIANT* password idea! (Sarcasm on)

[DAVID NEWALL]

In article <3057 at ingr.UUCP>, crossgl at ingr.UUCP (Gordon Cross) writes:
> As I understand it, the only thing encoded on the card itself is the card
> number (the UNIX equivalent of a user name).  The card holder must supply
> his secret number which the ATM forwards (along with the card number) to the
> bank's central computer for verification.  Presumably this information is
> encrypted to prevent someone from tapping the transmission...

It is not possible for ATMs to be on-line *all* the time.  There are many
reasons for this, one of which is, I believe, scheduled downtime.  However,
even when the ATM is off-line, it still functions (although some functions,
account balance enquiry for example, are unavailable).

>From this I conclude that the PIN can be verified from information recorded
on the card.  I guess that *my* PIN is encrypted, and stored on the card,
although milage may vary from bank to bank.

One hopes that the encryption mechanism used is kept secret.

David Newall                     Phone:  +61 8 343 3160
Unix Systems Programmer          Fax:    +61 8 349 6939
Academic Computing Service       E-mail: ccdn at levels.sait.oz.au
SA Institute of Technology       Post:   The Levels, South Australia, 5095