190 Getting the incentives right in favour of security is often a |
190 Getting the incentives right in favour of security is often a |
191 tricky business. From a customer point of view, the |
191 tricky business. From a customer point of view, the |
192 Chip-and-PIN system was much less secure than the old |
192 Chip-and-PIN system was much less secure than the old |
193 signature-based method. The customer could now lose |
193 signature-based method. The customer could now lose |
194 significant amounts of money. |
194 significant amounts of money. |
|
195 |
|
196 If you want to watch an entertaining talk about attacking |
|
197 Chip-and-PIN cards, then this talk from the 2014 Chaos |
|
198 Computer Club conference is for you: |
|
199 |
|
200 \begin{center} |
|
201 \url{https://www.youtube.com/watch?v=XeZbVZQsKO8} |
|
202 \end{center} |
|
203 |
|
204 \noindent They claim that they can actually clone with |
|
205 Chip-and-PINs cards such that they get all data that was |
|
206 on the Magstripe, except for three digits (the CVV number). |
|
207 Remember Chip-and-PINs cards were introduced exactly for |
|
208 preventing this. |
|
209 |
195 |
210 |
196 \subsection*{Of Cookies and Salts} |
211 \subsection*{Of Cookies and Salts} |
197 |
212 |
198 Let us look at another example which will help with understanding how |
213 Let us look at another example which will help with understanding how |
199 passwords should be verified and stored. Imagine you need to develop |
214 passwords should be verified and stored. Imagine you need to develop |
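Review bot: the added paragraph at new lines 204-207 has a stray "with" and an inconsistent plural: "clone with Chip-and-PINs cards" and "Remember Chip-and-PINs cards" do not match "Chip-and-PIN system" at line 192. Suggest "They claim that they can actually clone Chip-and-PIN cards such that ..." and "Remember Chip-and-PIN cards were introduced exactly for preventing this." "Magstripe" at line 206 is capitalised mid-sentence and could be written "magstripe" or "magnetic stripe". The reference at line 201 is a bare \url; adding the talk's title and speakers next to it would keep the pointer useful if the link stops working.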