Nationwide also to introduce "Card Reader Security"

At 12:48:17 on 31/01/2008, Tim delighted uk.finance by announcing:

Eh? If he's used the same PIN, then for 9,999 of the possible 10,000 PINs he won't crack any card.

Reply to
Alex

Three guesses using the device. Then the card locks up. Three further guesses when you take the card to an ATM to try to unlock it.

Reply to
Ronald Raygun

"Alex" wrote

Eh? Suppose the thief guesses 1111, 2222 and 3333 on the first card, then 4444, 5555 and 6666 on the second card and finally 7777, 8888 and 9999 on the last card. If the PIN that Tim W has used (on all three cards) was any of those 9 guesses, then the thief cracks at least one card. I count only 9991 other possibilities for a four-digit PIN (that would be "safe" if the thief made the above guesses) -- where do you get 9999 from?
Reply to
Tim

At 14:43:08 on 31/01/2008, Ronald Raygun delighted uk.finance by announcing:

But then the whole point of the 'risk' was that muggers could try PINs without risking a visit to an ATM and any associated cameras.

Reply to
Alex

I think I got that wrong. I can't actually work out what I was doing now.

Tim.

Reply to
google

At 14:46:30 on 31/01/2008, Tim delighted uk.finance by announcing:

There are 9999 numbers per card that will not result in a compromised card. You seem to be meaning something other than you're saying.

Reply to
Alex

"Alex" wrote

I don't think so... The thief guesses 1111, 2222 & 3333 on the first card. There are only 9997 other PIN possibilities that, if the correct PIN were one of those 9997, would not result in compromising the card - aren't there?

If the correct PIN was any of 1111, 2222 or 3333 then the first card *would* be compromised (and so also, in effect, would the other two cards which use the same PIN).

"Alex" wrote

No, I think you are probably misunderstanding what we are saying!

Reply to
Tim

Quite so, they can, but they get 3 no-risk guesses in addition to the 3 with-risk guesses they already have. Or, um, is it that they get 3 no-risk plus 3 with-risk guesses in place of the 6 with-risk guesses they already have? Does an ATM keep the card after the first 3 guesses have locked it, or do you get it back and get the chance at 3 unlocking guesses elsewhere?
Reply to
Ronald Raygun

At 15:11:50 on 31/01/2008, Tim delighted uk.finance by announcing:

Yes. There are 9999 in total, per card.

Reply to
Alex

At 15:20:14 on 31/01/2008, Ronald Raygun delighted uk.finance by announcing:

The ATM will normally keep it. I've yet to need to unlock my PIN so I'm not sure you would even get the 3 extra attempts. It may even ask to confirm other information before it will unlock the card (DOB, for instance). Some banks (e.g. First Trust) will require you to call them before they will authorise the unlocking. Anyone got any actual experience?

Perhaps I should have tried it on the unused card I just cut up...

Reply to
Alex

"Alex" wrote

What are you trying to say now? Earlier, you agreed that there were 10,000 in total (you said: "9,999 of the possible 10,000 PINs").

If you remove three from the possible 10,000 then you get 9997. If you remove nine from the possible 10,000 then you get 9991. Easy, innit?!

Reply to
Tim

At 16:06:46 on 31/01/2008, Tim delighted uk.finance by announcing:

Let's try just the once more. There are 10,000 combinations, of which 9,999 are invalid.
Reply to
Alex

"Alex" wrote

Yep. But try all 10,000 and you'd be guaranteed to get the one "valid" one. Similarly, try nine of the possibles and you've got a 1 in 1111.111 chance of trying the one correct PIN.

Do you agree now?

Reply to
Tim

I wasn't quoting anything, that's how to login to Barclays Internet banking. I tried it with my real card reader and 'mistyped' my PIN in the first case.

The card reader instructions are here:

formatting link
which outline the process. Click on 'Watch PINsentry in action' here for a flash video of the process:
formatting link
Theo

Reply to
Theo Markettos

At 16:38:47 on 31/01/2008, Tim delighted uk.finance by announcing:

I never disagreed with that.

Reply to
Alex

"Alex" wrote

OK, so what *did* you disagree with, when you queried my comment that: "For 9,991 out of the possible 10,000 PINs, the thief won't crack any card...", saying 9999 instead?

9,991 out of 10,000 not compromised is equivalent to 1 in 1111.111 compromised...
Reply to
Tim

There are four possibilities (two orthogonal sets of two):

Either the numbers are in fact all the same or all three are different (we'll disregard the possibility where two cards have the same PIN and the third card differs).

The thief will use one of two strategies. He will either make all nine guesses (three per card) different (call this strategy 1), or he will only make three different guesses per card but is not bothered about re-using on one card a guess already tried on a previous card (call this strategy 2). His choice of strategy will depend on any knowledge or inkling he has, so if he reckons the numbers are likely to be the same, he will prefer strategy 1.

In all four cases card 1 receives the same treatment:

Guess 1 is taken from the full set of 10k numbers, and the card number can be any of those 10k numbers. So the failure probability (hereafter fp) for guess 1 is 9999/10000.

Guess 2 is taken from the set of 9999 numbers which excludes the 1st guess and the actual number is one of those 9999. So the fp for g2 is 9998/9999.

Similarly fp for g3 is 9997/9998 and hence the overall fp for card 1 is 9997/10000.

Now on to cards 2 and 3.

Case 1: Numbers are the same, thief uses strategy 1.

Guess 4 is taken from the set of 9997 numbers not yet tried, and the actual number is in that set, so fp for g4 is 9996/9997. Similarly for g5 to g9 and we get an overall fp for all 3 cards of 9991/10000. This corresponds to a chance for at least one success of 1 in 1111.1111.

Case 2: Numbers are the same, thief uses strategy 2.

Guess 4 is taken from the full 10k set, but the actual number is in the set of 9997 not yet tried. So there is a 3/10000 chance of g4 being the same as one of g1 to g3 and therefore wrong, and thus a 9997/10000 chance of being perhaps right, but with an fp of 9996/9997. The overall fp for g4 is therefore (3+9996)/10k.

G5 is taken from the 9999 excluding g4 and the actual number is in the 9996 set excluding g1 to g4. G4 has a 3/9999 chance of coinciding with g1-3 (and so being wrong) and a 9996/9999 chance of having an fp of 9995/9996. Overall g5 fp is (3+9995)/9999.

Similarly g6 fp is 9997/9998 and so fp for c2 is 9997/10000. Similarly fp for c3 is also .9997. So we get an overall case 2 fp of (.9997) cubed, corresponding to a chance of success of 1 in 1111.4445.

Case 3: Numbers different, strategy 2.

G4 is taken from the full 10k set and the number is in that set. Etc etc and we see that c2 and c3 have the same fp as c1, so the overall case 3 fp is also (.9997) cubed.

Case 4: Numbers the same, strategy 1.

G4 is taken from the 9997 set which excludes g1-g3, but the actual number can be any of the 10k. There is a 3/10k chance of the actual number not being in the set from which g4 is chosen, and so the guess will be wrong no matter which of the 9997 possible guesses is picked. Then the chance is 9997/10k that the fp will be 9996/9997. We can see the arithmetic is going to be the same for case 4 as it is for case 2, with the same result, .9997 cubed.

So in conclusion, if the thief uses strategy 2 *or* if the numbers are different, his success chances are 1 in 1111.4445, but *only if* he uses strategy 1 *and* the numbers are in fact the same, will his chances be slightly improved to 1 in 1111.1111. What this means for the thief is that he may as well use strategy 1 all the time because his chance of success will be no worse than with strategy 2 if the numbers are different, but will be better if they're the same.

There's another twist, though. If the numbers are indeed the same, there is an advantage to have cracked one card before the guesses on the other cards have all been used up. This means that the prospects of cracking more than one card are improved by amending strategy 1 by not trying three guesses on card 1, then 3 on c2, etc, but by guessing one number on card 1, then one on c2, then one on c3, and then cycling through the cards twice more. That way, if one of the first 6 guesses is successful, you can crack all three cards.

Reply to
Ronald Raygun

"Ronald Raygun" wrote

... OK so far ...

"Ronald Raygun" wrote

Hmmm - but if g4 equals any of g1-g3, then the set will have *9997* members, not just 9996!!

"Ronald Raygun" wrote

I assume you mean G5 here?

"Ronald Raygun" wrote

... Agreed ...

"Ronald Raygun" wrote

I think that only applies with a probability of 9997/10000 (ie when g4 is different to all of {g1,g2,g3}), but that your last line would be: "a 9996/9999 chance of having an fp of 9996/9997" with a probability of 3/10000 (ie when g4 is equal to one of {g1,g2,g3}).

"Ronald Raygun" wrote

I think it's actually a *little* bit more than that!

"Ronald Raygun" wrote

... or try *two* guesses on card1 then two guesses on card2 then three on card3, then go back to c1 & c2.

Reply to
Tim
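As an added worked example (not part of the thread), the overall figures Ronald Raygun derives for his four cases and the card-ordering point he and Tim then discuss, computed exactly in Python. It assumes a wallet of three cards with three tries each over 10,000 PINs, and takes "numbers different" to mean an independent, uniformly random PIN per card, as his Case 4 reasoning does; `BLOCKWISE`, `ROUND_ROBIN` and `TWO_TWO_THREE` are the three guess orders from the posts, named here for illustration.

```python
from fractions import Fraction

N_PINS, CARDS, GUESSES = 10_000, 3, 3   # four-digit PINs, 3 cards, 3 tries per card

def p_crack_any(same_pin, distinct_across_cards, n=N_PINS, cards=CARDS, g=GUESSES):
    """Exact chance that at least one card is cracked before all nine tries lock.

    same_pin: one PIN shared by all cards; otherwise each card's PIN is an
    independent uniform draw (the thread's 'numbers different' case).
    distinct_across_cards: strategy 1 (nine distinct guesses) vs strategy 2
    (three distinct guesses per card, repeats across cards allowed)."""
    if same_pin and distinct_across_cards:
        return Fraction(cards * g, n)               # 9/10000 -> 1 in 1111.1
    # Every other case: each card misses independently with probability (n-g)/n
    return 1 - Fraction(n - g, n) ** cards          # 1 - .9997^3 -> 1 in 1111.4

def cracked_given_hit(order, hit, g=GUESSES):
    """Cards cracked when every card shares the PIN, try number `hit` in
    `order` (one 0-based card index per try) succeeds, and the now-known PIN
    is then typed into each card that still has a try left."""
    used = [0] * (max(order) + 1)
    for card in order[:hit + 1]:
        used[card] += 1
    return 1 + sum(1 for c, u in enumerate(used) if c != order[hit] and u < g)

def expected_cracked(order, g=GUESSES):
    """Mean number of cards cracked, given the shared PIN is hit at some try
    (under strategy 1 every position in the sequence is equally likely)."""
    hits = [cracked_given_hit(order, i, g) for i in range(len(order))]
    return Fraction(sum(hits), len(hits))

BLOCKWISE = [0, 0, 0, 1, 1, 1, 2, 2, 2]      # three on card 1, three on 2, three on 3
ROUND_ROBIN = [0, 1, 2, 0, 1, 2, 0, 1, 2]    # Ronald's one-per-card cycling
TWO_TWO_THREE = [0, 0, 1, 1, 2, 2, 2, 0, 1]  # Tim's two, two, three, then back

if __name__ == "__main__":
    for same, distinct in [(True, True), (True, False), (False, True)]:
        p = p_crack_any(same, distinct)
        print(f"same_pin={same} strategy1={distinct}: 1 in {1 / float(p):.4f}")
    for name, order in [("blockwise", BLOCKWISE), ("round robin", ROUND_ROBIN),
                        ("2-2-3", TWO_TWO_THREE)]:
        print(f"{name}: expected cards cracked given a hit = {expected_cracked(order)}")
```

Both interleaved orders keep a spare try on every other card through the first seven guesses, so a lost wallet with one shared PIN exposes more cards per success than blockwise guessing does.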

Aargh!

I do indeed.

OK. Pity it screws up the simple ratios where most of the integers cancel out.

OK, if you *know* the numbers are the same, it is sufficient to leave just one spare guess per card, and you may as well save yourself some swapping around of cards.

But if you only *suspect* they might be the same, is it not better to keep more spare guesses available?

E.g. if you crack card 3 with its 1st guess, having used only one guess each of cards 1 & 2, you would then try the same number as card 1's 2nd guess. If it fails, you know the numbers are not all the same, and you still have 3 more guesses available with which to attack cards 1 and 2.

But if you crack card 3 with its 1st guess, having used two guesses on each of cards 1 & 2 already, then if c1's 3rd guess fails, you only have one more go at card 2.

Reply to
Ronald Raygun

"Ronald Raygun" wrote

;-)

"Ronald Raygun" wrote

Indeed. But I don't think that it alters the final result all that much!

"Ronald Raygun" wrote

In that case, you will have got lucky on the third guess (overall)...

"Ronald Raygun" wrote

But if you had used the "two guesses on card1" strategy and got lucky on the third guess (overall), then you'd crack card2 on its first guess and can then try that PIN on card 3.

If it fails, then you know the numbers are not all the same, and you still have 3 more guesses available with which to attack cards 1 and 3. [The same number left as for your strategy!]

"Ronald Raygun" wrote

That's because you've already used up 2 more guesses than in your case - either of which could have been right, just like the two extra you'd still have left above...

Reply to
Tim
