PINsentry

Discussion in 'other security issues & news' started by anon_private, Feb 15, 2015.

  1. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    I f I use Pinsentry evidently I can get a code from the card reader and type it into the banking page and gain access.

    My question is: How does this work?

    I have not used the card reader yet, but I assume that I will get a different number each time I insert my card, so how does the Bank's server know that my number is correct?

    Thanks
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
  3. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,309
    Location:
    England
  4. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Thank you.

    I will read the links.

    Best wishes.
     
  5. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    I have read the links.

    I am still a little confused.

    Am I right in thinking that the Pinsentry number generated is a hash of all my card details and the PIN.

    All the numbers generated on subsequent occasions give the same information at the server end?

    This still begs the question regarding cloned cards and electronically gained PINs
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Where do you read that? I seem to understand from the read that PIN numbers are random generated codes with no link to your details. As any chip card, the weak point is the master key (not the 100 pins) and the grabbing of it by thief. This normally happens with no cracking of chip data (too complicated) but standard means (hidden camera, fake keyboards, etc.).
     
  7. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Card holders decide their own PIN number
     
  8. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,309
    Location:
    England
    It doesn't seem to have anything to do with your actual pin number as such.

     
  9. anon_private

    anon_private Registered Member

    Joined:
    Feb 28, 2010
    Posts:
    58
    Location:
    UK
    Are the 100 numbers placed on the card prior to the Pinsentry being issued, or only after. If after, then I assume that the card will need to be inserted into the cash machine before the Pinsentry can be used.

    Also, does the bank's computer check for just one specific number that is on the list, or 100 numbers, where the number selected must be one of these on the list
     
    Last edited: Feb 16, 2015
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    From the read it says as soon as you use it the first time. Therefore, yes, you need to use it once before you can use it :)
    No, just one number not 100