847
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth would you impose such strict limits? Never heard of correct horse battery staple?

[-] smeg@feddit.uk 1 points 3 months ago

I assumed as the card readers and cards are both offline devices they wouldn't have a way to do this, are card blocks local in general?

[-] SkunkWorkz@lemmy.world 1 points 3 months ago* (last edited 3 months ago)

Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the PIN was incorrect.

[-] smeg@feddit.uk 1 points 3 months ago

That's pretty cool. I wonder what (if any) tinkering you can do with a card if you've got physical access and some very precise tools.

[-] SkunkWorkz@lemmy.world 2 points 3 months ago* (last edited 3 months ago)

Even if you could, you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also, if I remember correctly, the chip will self-destruct, as in wipes its data, when it detects that it’s being tampered with.

[-] smeg@feddit.uk 1 points 3 months ago
this post was submitted on 18 Aug 2024
847 points (98.8% liked)