Talk:Personal identification number

From Wikipedia, the free encyclopedia

PIN number hack

In 2002 two PhD students at Cambridge University, Piotr Zielinski and Mike Bond, discovered a security flaw in the PIN generation system of the IBM 3624, which was duplicated in most later hardware. This has meant most ATMs are vulnerable to an attack known as the decimalization table attack which means that someone who can access ATM hardware can guess a PIN in an average of 15 guesses.

I've removed the above from the article, because it is somewhat misleading. For one thing, the proportion of the article taken up with it lends it undue weight, when it is actually of very little interest to anyone other than a bank manager. The exploit described is not in fact in ATM hardware, but in internal bank computing systems - a bank employee would probably have to have passed security screenings before they could access the systems on which the attack is possible. Nonetheless, it may bear insertion somewhere, and for reference, here's the research paper as a PDF [1] - IMSoP 05:27, 9 Mar 2004 (UTC)


Rereading it, I agree that the location of the exploit should be more clearly stated, but I think you're underestimating how important it is. See http://www.cl.cam.ac.uk/~mkb23/media-coverage.html. Also, Ross Anderson believes some of Bond's attacks have been used in practice. --Imran 14:03, 9 Mar 2004 (UTC)


Request: Pronunciation of PIN

It would be nice to add whether PIN should be pronounced P-I-N or PIN as in sPINning for foreign readers such as me :) Thanks, Swalot 11:19, 2 November 2006 (UTC)

Criticism

How are PINs better than passwords? They are only 4 numbers and have fewer combinations than alphanumeric passwords. This has been removed from the article. 165.230.46.153 20:05, 16 November 2006 (UTC)

hoax tag?

Is the hoax tag because the page mentions the PIN security hoax (the belief that if you enter your PIN wrongly you can send a request for help if you're mugged in the ATM cubicle)? The article does label that section 'hoax'. Perhaps a little explanation of why such a system would be impossible and a stronger denial of its existence would clarify the section? Rimi talk 06:01, 8 February 2007 (UTC)

There's no reason for the hoax tag that I can see. Talking about a hoax doesn't make the article a hoax. The existence of the software isn't a hoax - I've added an additional link to the article about it, just to clarify, although there were two already. CiaranG 08:27, 8 February 2007 (UTC)