Changing PINs of German bank card
ndk.clanbo at gmail.com
Wed Jul 12 12:27:41 CEST 2017
Il 12/07/2017 12:01, Binarus ha scritto:
> Not sure about that. Similar to serious websites which don't store your
> password in clear text, but do store the password's hash instead, I
> would expect that banks don't store your PIN in clear text as well.
Even with 6-digits PIN it would take *seconds* to an attacker to brute
force hashed PINs once he gets the hashed database. Salted hashes would
multiply the needed time by the number of PINs (approx).
So keeping such a database would be a really stupid thing to do --
unless it's kept in a HSM.
Passwords have way larger key space (from 10^N for N digits of the PIN
to 64^N or more for the passwords -- considering uppercase, lowercase,
digits and symbols), hence salted hashes are quite secure.
More information about the Gnupg-users