[comp.unix.questions] PINs on open lines !!!

MOORE%MIDD.BITNET@mitvma.mit.edu (12/21/88)

(Sorry for those of you who don't understand this conversation, but
I can't remember which list is carrying it)

Why oh why do these bank networks insist on sending PINs through their lines ??
Granted they're DES encrypted, but it takes little time to do the few large
number multiplications needed to do a "zero-knowledge" proof that the PIN
is correct.  This also removes the need for the PIN to be on the card at all.
The machine reads the account number from the card, gets the PIN from the
human, and then tickles the mainframe at the other end saying "Hey, let's do
a zero-knowledge check on account ######".  Each machine starts multiplying,
etc.  No need for the PIN on the card or over the wires.


Good lord, if I'd known what these folks were doing I might never have gotten
one of the silly little plastic cards.

Evan R. Moore
Academic Computing Services
Middlebury College
BITNET: MOORE@MIDD
Internet: 91erm@cc.williams.edu (a former life which forwards mail)
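
A sketch of the exchange described in the post above, added here as an example and not part of the original message: it uses the Fiat-Shamir identification scheme as one possible zero-knowledge protocol (the post names none). The modulus, the PIN-to-secret mapping, the account number, the PIN and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy modulus from two Mersenne primes. Its factors are public, so
# it is for demonstration only; a real system needs a large modulus whose
# factorisation no terminal or eavesdropper knows.
N = (2**89 - 1) * (2**107 - 1)

def derive_secret(account: str, pin: str) -> int:
    """Map account+PIN to the prover's secret s (an assumption of this sketch)."""
    digest = hashlib.sha256(f"{account}:{pin}".encode()).digest()
    return int.from_bytes(digest, "big") % N

def enroll(account: str, pin: str) -> int:
    """Value the host stores instead of the PIN: v = s^2 mod N."""
    return pow(derive_secret(account, pin), 2, N)

class Terminal:
    """Prover side: knows the PIN the customer typed, never transmits it."""
    def __init__(self, account: str, pin: str):
        self.s = derive_secret(account, pin)
    def commit(self) -> int:
        self.r = secrets.randbelow(N - 2) + 2    # fresh random r every round
        return pow(self.r, 2, N)                 # x = r^2 mod N
    def respond(self, c: int) -> int:
        return (self.r * pow(self.s, c, N)) % N  # y = r * s^c mod N

def host_check(v: int, x: int, c: int, y: int) -> bool:
    """Verifier side: accept the round if y^2 == x * v^c (mod N)."""
    return x != 0 and pow(y, 2, N) == (x * pow(v, c, N)) % N

def authenticate(account, pin, v, rounds=20, challenges=None) -> bool:
    """Run the rounds; only x, c and y ever cross the wire."""
    terminal = Terminal(account, pin)
    for i in range(rounds):
        x = terminal.commit()
        c = challenges[i] if challenges is not None else secrets.randbits(1)
        y = terminal.respond(c)
        if not host_check(v, x, c, y):
            return False
    return True

if __name__ == "__main__":
    v = enroll("00012345", "4921")              # constructed account and PIN
    print(authenticate("00012345", "4921", v))  # correct PIN
    print(authenticate("00012345", "0000", v))  # wrong PIN
```

Because a four-digit PIN has only 10,000 possible values, anyone holding the stored value v can find the PIN by exhaustive search, so the host must protect v as carefully as it would the PIN itself.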