corsasport.co.uk
 

Corsa Sport » Message Board » Off Day » Geek Day » New form of password to replace standard PIN.


New Topic

New Poll
  <<  1    2    3    4    5    6  >> Subscribe | Add to Favourites

You are not logged in and may not post or reply to messages. Please log in or create a new account or mail us about fixing an existing one - register@corsasport.co.uk

There are also many more features available when you are logged in such as private messages, buddy list, location services, post search and more.


Author New form of password to replace standard PIN.
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 13:22   View Garage View User's Profile U2U Member Reply With Quote

yes i do..


Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:23   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by chris_uk
but lets be realistic.. you are not getting 100x the security are you..



You are

You're no mathmetician so I doubt you'd be able to work it out, but the statistics behind it show its at least 100x more secure in its current form, and can be made more.

The inventor has a Doctorate in Applied Mathematics, and was Govt. Scientist for the MoD - he knows his stuff
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 13:24   View Garage View User's Profile U2U Member Reply With Quote






[Edited on 24-02-2009 by chris_uk]
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 13:25   View Garage View User's Profile U2U Member Reply With Quote

i can get 10x better security if i cover the pad with my hand..

Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:26   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by chris_uk
yes i do..





You obviously dont as your comment about using a video camera to watch you is laughable.

You could invite the guy behind you with the swag bag over his shoulder to watch you put the code in and he wouldnt be able to then take your card and go spending with it.
Brett
Premium Member

Avatar

Registered: 16th Dec 02
Location: Manchester
User status: Offline
24th Feb 09 at 13:28   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by chris_uk
i can get 10x better security if i cover the pad with my hand..



...and what if it's a cash machine with a fake front put on to log all your details? Currently, they'd log your PIN easily. This new way, sure they'd see the combination you've pressed, but they wouldn't have you PIN as that combination would change next time.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:28   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by loafofbrett
quote:
Originally posted by chris_uk
i can get 10x better security if i cover the pad with my hand..



...and what if it's a cash machine with a fake front put on to log all your details? Currently, they'd log your PIN easily. This new way, sure they'd see the combination you've pressed, but they wouldn't have you PIN as that combination would change next time.


But Chris would use his anti-fake front blocker, and that way would be 10x secure again.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:31   View User's Profile U2U Member Reply With Quote

Right, for those who think their brain can handle it, the whitepapers on their website will show you the benefits over standard PIN machines. Chris I suggest you attempt to read them.

http://www.pinoptic.com/resources/whitepapers.htm

FAQ section might be more simple for some

http://www.pinoptic.com/resources/faqs.htm

Maybe might want to see the presentation they were invited to give at the Security and Management Conf in Vegas. Have since been asked and presented in various conf. in Barcelona and Moscow.

http://www.pinoptic.com/resources/presentations.htm
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 13:32   View Garage View User's Profile U2U Member Reply With Quote

just dont go to a dodgy looking fucking cash machine do you..

only use major banks etc..

i mean ffs, its more common sence really isnt it..

if you dont cover your pin up then waft yoru card about your going to get it fucking stolen..

if you are discreat about it and put it straight away then the chances of you getting your card stolen are remote.

Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:32   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by loafofbrett
quote:
Originally posted by Paul_J
I think at most it'd make 81 combinations


Banks don't allow people unlimited attempts at PINs you know


yeh but as I've stated, if people are determined enough, this will easily be reduced to a much smaller amount of combinations by process of elimination.

I think if you watched someone actually enter a pin in real life, you'd probably be able to guess when they were entering a number and when they were entering a symbol, just by the way they press the buttons... I know people like my mum would definately make it obvious.

With this info you'd then probably have a possible list of say 2-4 pins it may be... which if you've got the card cloned, you'd walk up to one ATM, try to pins... Maybe already get access as it may of been the first you tried...

or if not, walk away to another ATM, try two more and be in.

My point is, criminals will always find a solution to a problem - it's not a great deal more secure than the current system we use, and if people are led into a 'false sense of security' - by believing its 100x more secure etc, then it's probably going to actually cause more problems.

For example believing a pin is a very secure thing, could mean more things just rely on pin to be entered - where currently it relies on a lot more passwords / security questions to be asked.

For example originally people thought DES encryption was plenty for internet use... but soon found it was liable to brute force attacks... the problem was because people 'Believed it' to be secure, all sorts of information was being protected by it...
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:35   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by loafofbrett
quote:
Originally posted by chris_uk
i can get 10x better security if i cover the pad with my hand..



...and what if it's a cash machine with a fake front put on to log all your details? Currently, they'd log your PIN easily. This new way, sure they'd see the combination you've pressed, but they wouldn't have you PIN as that combination would change next time.


I think you'll find that, the fake front swipes your card - but there's a camera built in to the fake front which video's your pin be entered... So essentially Chris covering his hand has prevented this attack
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:36   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
it's not a great deal more secure than the current system we use, and if people are led into a 'false sense of security' - by believing its 100x more secure etc, then it's probably going to actually cause more problems.



Yes it is though - go and read the white papers. Guessing its not 100x more secure (when the maths behind it show it is) is a little foolish and doesnt back up any of your points.

YES - it can be broken if you follow the person round and watch them enter their PIN numberous times (I think its something like 25+ times). And as said you MAY be able to guess some by the way people enter it.

But the facts show its more than 100x more secure than whats currently out there, and to banks this is something they are after.
Brett
Premium Member

Avatar

Registered: 16th Dec 02
Location: Manchester
User status: Offline
24th Feb 09 at 13:37   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
I think you'll find that, the fake front swipes your card - but there's a camera built in to the fake front which video's your pin be entered... So essentially Chris covering his hand has prevented this attack

Wouldn't be hard to make a false kaypad that recorded keystrokes really would it.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:38   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
quote:
Originally posted by loafofbrett
quote:
Originally posted by chris_uk
i can get 10x better security if i cover the pad with my hand..



...and what if it's a cash machine with a fake front put on to log all your details? Currently, they'd log your PIN easily. This new way, sure they'd see the combination you've pressed, but they wouldn't have you PIN as that combination would change next time.


I think you'll find that, the fake front swipes your card - but there's a camera built in to the fake front which video's your pin be entered... So essentially Chris covering his hand has prevented this attack


You'll also find whole fake fronts are being put over keypads so it still enters the code on the screen but also sends the details of the PIN to someone waiting nearby (or collects it for later).
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:39   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
Right, for those who think their brain can handle it, the whitepapers on their website will show you the benefits over standard PIN machines. Chris I suggest you attempt to read them.

http://www.pinoptic.com/resources/whitepapers.htm

FAQ section might be more simple for some

http://www.pinoptic.com/resources/faqs.htm

Maybe might want to see the presentation they were invited to give at the Security and Management Conf in Vegas. Have since been asked and presented in various conf. in Barcelona and Moscow.

http://www.pinoptic.com/resources/presentations.htm


Can add the inventors blog to that list, details some examples of fraud that have recently happened where this system would of prevented.

http://pinoptic.blogspot.com/
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:40   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
quote:
Originally posted by Paul_J
it's not a great deal more secure than the current system we use, and if people are led into a 'false sense of security' - by believing its 100x more secure etc, then it's probably going to actually cause more problems.



Yes it is though - go and read the white papers. Guessing its not 100x more secure (when the maths behind it show it is) is a little foolish and doesnt back up any of your points.

YES - it can be broken if you follow the person round and watch them enter their PIN numberous times (I think its something like 25+ times). And as said you MAY be able to guess some by the way people enter it.

But the facts show its more than 100x more secure than whats currently out there, and to banks this is something they are after.


It's 100x more secure if you don't have any knowledge of them entering thier pin, what I'm saying is simple process of elimination would break this down within seconds.

Going back to the Computer Encryption example, people believed the encryption they originally started using would take millions of years to brute force...

... however, maths and process of elimination reduced the total number of possible combinations, which when then brute forced got access within minutes or hours I believe

It's just an example of how on paper, maths can prove that something is secure by X amount, however once you counter in process of elimination etc it's suddenly reduced quite significantly.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:42   View User's Profile U2U Member Reply With Quote

Cosmo, that blog highlights my point exactly

http://pinoptic.blogspot.com/

^^

Have a read of that... countless things that were believed and proven to be secure... oh yes, which arn't

I rest my case.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:44   View User's Profile U2U Member Reply With Quote

Paul, as said Im not for one minute saying this is unbreakable. What I am saying is that it is, on paper, 100x more secure than whats currently being used. Maybe in real life applications it only becomes half of this amount, maybe its more. What it is, the banks are extremely interested in using this type of system, so much so they are spending millions testing it, in a live environment, in other smaller countries. And they know more than you or I when it comes to things like this.

The stats arent just worked out from the theory, they are proper white papers produced by Universities and groups totally unrelated to this product. Go and read them and you'll understand the theory behind it and maybe have more to base your opinion on.
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:45   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
Cosmo, that blog highlights my point exactly

http://pinoptic.blogspot.com/

^^

Have a read of that... countless things that were believed and proven to be secure... oh yes, which arn't

I rest my case.


Exactly, hence why a new system (this) is being shown to secure these things.

Dont just dismiss it not knowing anything about the theory behind it - go and read up on it.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:51   View User's Profile U2U Member Reply With Quote

Well i've just read one white paper that was quite biased... hopefully all of these won't be the same...

28 participants, but then only using 20 of the results for the average time... I wonder why? were there 8 really slow people who didn't conform...

And over the 20 good ones, the average time to input the pin was 4.9 secs, with the highest being 9.7 seconds...

That's substaintially longer than it takes to enter a standard pin.

Once again, I come back to the fact it'd be easy to note when they entered a number or a symbol (due to these pauses of time) which would reduce the combinations quite majorly.
Paul_J
Member

Registered: 6th Jun 02
Location: London
User status: Offline
24th Feb 09 at 13:55   View User's Profile U2U Member Reply With Quote

Ok I just read each white paper

and no where did any of them state

"Using this gives over 100x more security"

can you please point me to the paper and page where this is stated?
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 13:55   View Garage View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Cosmo
Paul, as said Im not for one minute saying this is unbreakable. What I am saying is that it is, on paper, 100x more secure than whats currently being used. Maybe in real life applications it only becomes half of this amount, maybe its more. What it is, the banks are extremely interested in using this type of system, so much so they are spending millions testing it, in a live environment, in other smaller countries. And they know more than you or I when it comes to things like this.

The stats arent just worked out from the theory, they are proper white papers produced by Universities and groups totally unrelated to this product. Go and read them and you'll understand the theory behind it and maybe have more to base your opinion on.


on paper.... hmm... the only thing that this system provides is the added ballache to get your money..

takes computer games for instance.. each time a new game comes out there is new protection.. and then 1 month later its cracked..

just taking what paul says again, if someone wants it they will get it..
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 13:59   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by Paul_J
Ok I just read each white paper

and no where did any of them state

"Using this gives over 100x more security"

can you please point me to the paper and page where this is stated?


I'll look through the ones Ive got here, if they arent on the site I may not be able to release them. The ones Im on about were done by a University Research Unit, not for PinOptic but looking at multiple types of security for use where PIN systems currently are.

The 100x was what I got off the PinOptic website without going through any reports Ive got, their website is based on these (and his own obviously) findings.
chris_uk
Premium Member

Avatar

Registered: 8th Jul 03
User status: Offline
24th Feb 09 at 14:01   View Garage View User's Profile U2U Member Reply With Quote

my car goes 185 miles an hour...

have a look on vauxhalls website..

oh wait.. im not sure.. ill have a look at the unpublished brochure and since it was unpublished i dont know if i can give you the details..
Cosmo
Member

Registered: 29th Mar 01
Location: Im the real one!
User status: Offline
24th Feb 09 at 14:01   View User's Profile U2U Member Reply With Quote

quote:
Originally posted by chris_uk
quote:
Originally posted by Cosmo
Paul, as said Im not for one minute saying this is unbreakable. What I am saying is that it is, on paper, 100x more secure than whats currently being used. Maybe in real life applications it only becomes half of this amount, maybe its more. What it is, the banks are extremely interested in using this type of system, so much so they are spending millions testing it, in a live environment, in other smaller countries. And they know more than you or I when it comes to things like this.

The stats arent just worked out from the theory, they are proper white papers produced by Universities and groups totally unrelated to this product. Go and read them and you'll understand the theory behind it and maybe have more to base your opinion on.


on paper.... hmm... the only thing that this system provides is the added ballache to get your money..

takes computer games for instance.. each time a new game comes out there is new protection.. and then 1 month later its cracked..

just taking what paul says again, if someone wants it they will get it..


Chris, you obviously dont understand how this works as your comments make no sense.

On paper is referring to the ACTUAL maths behind the product. This is an exact science and on paper will give the level of security over the PIN type. As I said to Paul, it may well be 100x secure in a real life application, it may well only be half of this - I dont have the info to hand to say either way, it is out there though.

Banks have decided to trial it, spending huge amounts of money - dont you think this shows they thinks its a workable solution?!

  <<  1    2    3    4    5    6  >>
New Topic

New Poll

  Related Threads Author Forum Replies Views Last Post
*Legitimate!* Any1 know how to clock? digitalbanana Help Zone, Modification and ICE Advice 14 1535
1st May 03 at 12:39
by Mr 106
 
MOT test Stone Cold Rattlesnake Help Zone, Modification and ICE Advice 27 2662
20th Jan 04 at 23:46
by Kris TD
 
Morretes Light Bulbs ??? Rocky Help Zone, Modification and ICE Advice 9 877
16th Feb 05 at 19:54
by Rocky
 
aaarrrghhhh password help needed Dave A Geek Day 8 863
5th Feb 07 at 19:47
by Jules
 
is this a quickshift? Jas General Chat 6 925
14th Sep 08 at 22:07
by will_ainsworth
 

Corsa Sport » Message Board » Off Day » Geek Day » New form of password to replace standard PIN. 28 database queries in 0.0203450 seconds