Changing PINs of German bank card

Peter Lebbing peter at digitalbrains.com
Wed Jul 12 12:10:12 CEST 2017


On 12/07/17 07:51, Binarus wrote:
> Furthermore (not being sure, so read with care), I think that the bank
> does not know your pin

When my bank card is replaced because its validity is about to end, the
new card has the same PIN as the old one. I can't readily think of a way
to do that without the bank knowing my PIN, since the new card didn't
physically exist yet when the old card got its copy of the PIN.[1]
Furthermore, I see no use to the bank not knowing my PIN. If their
backend got hacked, these random 4 digits being public knowledge are the
least of the problems.

And since a PIN has such low entropy, I don't see how to protect it with a
hash. Any system that can verify correctness in the time it takes to do
a PIN payment[2] can do 10,000 guesses in reasonable time.

Also, back when you could do payments with the magstripe (which, AFAIK,
can still be done in some countries, using your Dutch bank card, if you
allow it), the PIN necessarily went to the bank, there was no way for a
check by the chip in the card.

Anyway, I'm still writing this even though I questioned its usefulness.
But let's consider whether this thread really needs to go on much
longer, it seems it has run its course and is now turning into a wide
trickling delta that is no longer hurrying towards its destination but
rather seeking the path of least resistance in any random direction :-).

Cheers,

Peter.

[1] Barring any neat trickery like waiting for me to enter my PIN and
listening in so they can then program the new card.

[2] That's what they're called in The Netherlands. Well, PIN-betaling
actually, I did translate.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
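
Added example, not part of the original message: the point about hashing a low-entropy PIN, worked through in Python. The salt, iteration count, sample PIN and all function names are constructed for illustration and do not describe any bank's system.

```python
import hashlib
import hmac
import os
import time

PIN_SPACE = 10_000  # every 4-digit PIN, 0000..9999


def hash_pin(pin: str, salt: bytes, iterations: int) -> bytes:
    """Salted, stretched hash of a PIN (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations)


def verify_pin(pin: str, salt: bytes, iterations: int, stored: bytes) -> bool:
    """The single check a backend would run during one payment."""
    return hmac.compare_digest(hash_pin(pin, salt, iterations), stored)


def exhaust(salt: bytes, iterations: int, stored: bytes):
    """Run the same check over the whole PIN space; return (pin, guesses)."""
    for n in range(PIN_SPACE):
        candidate = f"{n:04d}"
        if verify_pin(candidate, salt, iterations, stored):
            return candidate, n + 1
    return None, PIN_SPACE


def worst_case_seconds(salt: bytes, iterations: int, samples: int = 20) -> float:
    """Time one verification and scale it to all 10,000 candidates."""
    stored = hash_pin("0000", salt, iterations)
    start = time.perf_counter()
    for _ in range(samples):
        verify_pin("0000", salt, iterations, stored)
    per_check = (time.perf_counter() - start) / samples
    return per_check * PIN_SPACE


if __name__ == "__main__":
    salt = os.urandom(16)                        # stored next to the hash
    iterations = 1_000                           # constructed work factor
    stored = hash_pin("4831", salt, iterations)  # constructed sample PIN
    print(f"time to cover every PIN: {worst_case_seconds(salt, iterations):.1f} s")
    print("result of exhausting the space:", exhaust(salt, iterations, stored))
```

Raising the iteration count slows one payment check and the full search by the same factor, so the gap between them stays fixed at 10,000.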
