Thirtysome years ago I designed and built cryptographic modules for EFT processing. Early days...
In those days there were two main algorithms for PIN verification.
The IBM Derived PIN system used data from the mag stripe (some of the account number and other fields) to crunch up with DES and other things to generate the expected PIN, which was verified by direct comparison (at a processing system, since the terminal did not have the relevant DES keys etc).
The (more popular) VISA method took the PIN and some stripe data, crunched them up and came out with a 4 digit value which was compared with the PVV (PIN verification value) from the stripe (or issuer's database).
This can be viewed as an elaborate hash function (4 digit PIN -> 4 digit PVV)
I investigated its properties as a hash, and (re-)discovered some interesting statistics.
Obviously a 1:1 mapping could be fairly easily brute-forced, so information is "destroyed" to make it a one-way operation.
As a consequence, looking at the PVV space:
1/e (almost 37%) of PVVs are unreachable - no corresponding PINs
1/e have one PIN mapped to them
1/2e (over 18%) of PVVs have TWO PINs that map to them
1/6e (6%+) of PVVs have THREE PINs that map
1/24e (1.5%+) have FOUR ... and so on
So, (back in PIN space) there is a very real chance that your card has more than one PIN that would work. (Good luck finding the other(s)!)
That fact blew the mind of more than a few bean-counters and auditors....
With regard to OG's thread below, we had requests from card issuing institutions to NOT generate "simple" PINs.
In the end I think we discarded PINs with 4 consecutive digits or more than two repeats.
(A little repetition is good - my favoured PINs have two characteristics:
They can be keyed by laying my hand over the PIN pad and merely flexing fingers.
They include a repeat so even keen watchers wind up missing something.)
Some time later, customer selected PINs (and PIN change terminals) hit the streets...
Ah, nostalgia (ain't what it used to be)!
Software rusts. Simon Stephenson, ca 1994. So does this signature. me, 2012
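The statistics quoted in this post are what a random function from 10,000 PINs onto 10,000 PVVs produces (a Poisson distribution with mean 1). The following is an added example, not part of the original post: `toy_pvv` is a hypothetical stand-in built on HMAC-SHA256, not the VISA PVV algorithm, and the card secret is a constructed value.

```python
import hashlib
import hmac
import math
from collections import Counter

N = 10_000  # size of both the 4-digit PIN space and the 4-digit PVV space

def toy_pvv(pin: int, card_secret: bytes) -> int:
    """Stand-in for the PVV calculation: a keyed hash cut down to 4 digits.

    NOT the VISA algorithm; assumed only to act like a random function
    from PINs to PVVs for one card (card_secret = key + stripe data).
    """
    mac = hmac.new(card_secret, f"{pin:04d}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % N

def preimage_histogram(card_secret: bytes) -> Counter:
    """Return {k: number of PVVs reached by exactly k PINs}."""
    pins_per_pvv = Counter(toy_pvv(pin, card_secret) for pin in range(N))
    hist = Counter(pins_per_pvv.values())
    hist[0] = N - len(pins_per_pvv)  # PVVs that no PIN maps to
    return hist

def poisson(k: int) -> float:
    """Poisson(1) probability of k: the post's 1/e, 1/e, 1/2e, 1/6e, 1/24e."""
    return math.exp(-1) / math.factorial(k)

def multi_pin_fraction(card_secret: bytes) -> float:
    """Fraction of PINs whose PVV is also produced by at least one other PIN."""
    return 1 - preimage_histogram(card_secret)[1] / N

if __name__ == "__main__":
    secret = b"constructed-demo-card"  # constructed sample value
    hist = preimage_histogram(secret)
    for k in range(5):
        print(f"{k} PINs: measured {hist[k] / N:6.2%}  predicted {poisson(k):6.2%}")
    print(f"PINs with a working twin: {multi_pin_fraction(secret):.1%}")
```

Seen from the PIN side, roughly 1 - 1/e (about 63%) of PINs share their PVV with another PIN, which is the "more than one PIN that would work" effect.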
|
Wordle 1,095 5/6*
⬛⬛🟨⬛🟨
⬛🟨🟨⬛🟨
🟨🟨⬛🟨⬛
🟩🟩⬛🟩⬛
🟩🟩🟩🟩🟩
|
Wordle 1,095 6/6
⬜⬜⬜⬜🟨
🟨⬜⬜🟨⬜
⬜🟩🟨🟩⬜
⬜🟩⬜🟩🟩
🟩🟩⬜🟩🟩
🟩🟩🟩🟩🟩
|
Wordle 1,095 3/6
⬜⬜⬜⬜🟨
🟩🟨🟨⬜⬜
🟩🟩🟩🟩🟩
|
Wordle 1,095 3/6*
⬜🟨🟨⬜🟨
⬜🟩⬜🟩🟩
🟩🟩🟩🟩🟩
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|
🟩🟨⬜⬜🟨
🟩🟩🟩🟩🟩
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
Wordle 1,095 4/6*
⬜⬜⬜⬜🟨
⬜⬜🟨🟩⬜
🟩⬜⬜🟩🟩
🟩🟩🟩🟩🟩
Happiness will never come to those who fail to appreciate what they already have. -Anon
And those who were seen dancing were thought to be insane by those who could not hear the music. -Frederick Nietzsche
|
Wordle 1,095 3/6
⬛🟩⬛🟩🟩
⬛🟩⬛🟩🟩
🟩🟩🟩🟩🟩
Ok, I have had my coffee, so you can all come out now!
|
American here for context
In the light of recent revelations of MS cooperating with the CCP and the PLA and the fact that the DoD and the Feds (I know that's redundant) moved all their crap to the cloud - all of it classified - none of it protected by the OS, I give you this...
So, I have deliberately covered my built in webcam. I login through a password or a pin. The login process or whatever it is has thrown an exception condition. I cannot login. The mouse has gone stupid. The laptop is hung.
The inmates are in charge of the asylum.
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
Did you let your Matrix subscription lapse?
Reality what a concept.
If you can't find time to do it right the first time, how are you going to find time to do it again?
PartsBin an Electronics Part Organizer - Release Version 1.4.0 (Many new features) JaxCoder.com
Latest Article: EventAggregator
|
shut up old guy
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
Well, just uncover your webcam, submit a new blood sample, and schedule your subcutaneous tracking capsule injection. You will be right as rain in no time!
|
the part that I found hilarious was the exception condition.
I read all of the time the holy grail for developers is to get a job in the big 5. F*** if I know the term now, it comes up now and again. I'm just one of those grunt developers that face palms when they do not handle an obvious situation - and honestly I'm not sure covering the webcam caused it. But don't you think that the login screen should be crash proof?
Charlie Gilley
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.” BF, 1759
Has never been more appropriate.
|
David O'Neil wrote: submit a new blood sample
I've always said, if they want a DNA sample, they can come right over and bl*w me.
|
I was going to make the Subject
"It is your computer BUT we will tell you how you can use it"
This is a Hardware Question if it should not be in the Lounge
Please inform me where to post
Config
W7 64 bit Pro
Firefox browser DuckGo search engine
Chrome Block all Cookies
I have a VB app that stores data in SQLite DB the name of the YouTube site and a link to open the site with a list of all the videos.
A number of things are failing
1 The site will not load content if I use "Open Link in New Window"
2 The site will not load content if I use "Open Link in New Tab"
This varies no consistent behavior political ads show Liberty Mutual ad blocked ? ?
3 In Firefox I turned OFF "Block Popup Windows" it was on OFF no change
As of now the ads do not show but I am presented with a skip button to close the ad
that did not show
If I login to Google then Google and Firefox seem to play nice
except "Open Link in New Window"
Any suggestions on how to make Google and Firefox play nice?
Any settings I should change in either ?
I did try just using "Block 3rd Party Cookies" ONLY no change
|
I know that Google Chrome now blocks all 3rd party cookies. As for the other browsers, they may also block 3rd party cookies, but I honestly don't know. It's something I'd have to check.
When it comes to blocking all cookies, I think it would inevitably interfere with the function of most web pages. Instead of blocking all cookies, require the browser to prompt you whenever a page sets a cookie. This way, you can allow cookies for the websites you trust, and disallow all other sites by default.
Take a look at Google's/YouTube's cross-origin-resource-sharing policy. That could shed some light on things. Google may require you to set some sort of HTTP request header in certain cases.
If the problem that you are experiencing occurs in the same way across all browsers, I get the feeling that it would be a CORS issue.
You may also want to try disabling all browser extensions to see if that has any effect. I recently encountered a bug on my site. It turns out that a specific plugin was causing the error. I disabled the plugin, and the problem is fixed.
|
Steve thanks for the information in the reply
I have no "prompt when a page sets a cookie"
I did change the Chrome to "Block third party cookies"
Google's making changes on a daily basis while they are testing this new feature
So results are variable based on what I have tried
One test is I made Google the default browser in Firefox mixed results
still can not use "Open Link in New Window"
Lot of info about Google's/YouTube's cross-origin-resource-sharing policy
won't bother you with my testing how to leverage this feature
End of the day it boils down to
"It is our computer BUT we decide how you use it"
I started playing with the internet when you were sent a CD to logon
with dial up connections
YES companies have contributed major improvements
but too much monetization on the backs of the users
|
Choroid wrote: Steve thanks for the information in the reply
No prob
Choroid wrote: Google's making changes on a daily basis while they are testing this new feature
I like how Google works. They're bold when it comes to experimenting with such a myriad of things.
Choroid wrote: CD
What's CD? Does that stand for something?
Choroid wrote: Lot of info about Google's/YouTube's cross-origin-resource-sharing policy
I bet there is. Reading the Terms of Service on YouTube alone would take a month. I don't want to know anything about their CORS policy. It scares me.
One thing I learned about Google is that by default, they disallow google.com from being placed within an iFrame located on a different origin. That makes sense.
Upon inspecting the iFrame, you will see a message sent by Google in response to the iFrame's HTTP request headers. The message says something along the lines of: This page can't be loaded. No request header value for "Some-Google-Header-X" was sent in the HTTP GET request. I forget the name of that header, but I bet if you found out how to get a valid code for that header, it just might work.
Make a simple HTML page and write an iFrame element within the body. Set the iFrame's "src" attribute to "https://google.com". Open the HTML page in a browser. The iFrame will fail to load. Hit Ctrl + Shift + I (in Chrome) to view the devtools/console panel. Take a look at the response header for the iFrame. It should specify the name of the header required in order for Google.com to load within the iFrame. Do a Google search using that header's name and you just might find something to address the problem. That would be my next try.
|
Steve I decided to ask a question and try to solve the issue by opening Google
and login when I opened the YouTube video. The mistake I only need to open Chrome.exe
then open the YouTube channel. Now everything works sort of the ads show but I just mute
or skip after a few seconds here is the link to the question with the solution by OG
Set default browser from a VB.NET application
|
Choroid wrote: W7 64 bit Pro
[...]
Please inform me where to post
How about 4 years ago?
Windows 7 went out of support in January of 2020. Chrome officially dropped support for it in January 2023.
|
Glad you keep up on History
it made me laugh dandy72
Google may have dropped support but they still try to update
and make changes to Chrome
Nothing is FREE you pay a price to use BIG tech software
but that is not a revelation to anyone in the Lounge
|
Choroid wrote: Google may have dropped support but they still try to update
and make changes to Chrome
...but can you still install the current versions of Chrome on 7? Otherwise those "updates and changes" don't do much good for your version that's frozen in time.
I'm otherwise happy to hear I amuse you. You know what they say about minds that are easily amused.
Choroid wrote: Nothing is FREE you pay a price to use BIG tech software
but that is not a revelation to anyone in the Lounge
It's not, so I'm not sure why you're bringing that up.
|
3.4M PIN numbers that were pulled together from a whole bunch of data breaches have been heat mapped, and they are quite interesting (to me at least): https://www.grc.com/miscfiles/pin.png
Given that most (if not all) ATM / shop card readers work with 4 digit PINs, it's interesting to see what people generally use. Notice the lines and clusters: identical pairs (0000, 0101, ...) birthdate day and month, birth year seem to be pretty common, but it's interesting to note two things:
1) There are a small number of "empty" or "near empty" cells where people just aren't disposed to use that combination.
2) 20 out of the possible 10,000 different PIN values are used by 27% of the population ... so if you want to "brute force" a PIN, those are the ones to try first - if you are using one of them, it's probably time to change it:
1234, 4321, 0000, 7777, 2000, 2222, 9999, 5555, 1122, 8888, 2001, 1111, 1212, 1004, 4444, 6969, 3333, 6666, 1313, 1010
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
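An issuer-side PIN filter that combines the 20 PINs listed in this post with the rule recalled in the earlier EFT post ("4 consecutive digits or more than two repeats"), and measures how many of the 20 that rule catches by itself. This is an added example, not part of either post; reading the rule as "an ascending or descending run of four, or any digit used more than twice" is an assumption, and the function names are hypothetical.

```python
from collections import Counter

# The 20 most-used PINs, exactly as listed in the post above.
POPULAR = ("1234 4321 0000 7777 2000 2222 9999 5555 1122 8888 "
           "2001 1111 1212 1004 4444 6969 3333 6666 1313 1010").split()

def is_run(pin: str) -> bool:
    """True for four consecutive digits, ascending (1234) or descending (4321)."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})

def issuer_rule_rejects(pin: str) -> bool:
    """Assumed reading of the issuer rule: a run of four, or a digit used 3+ times."""
    return is_run(pin) or max(Counter(pin).values()) > 2

def is_acceptable(pin: str) -> bool:
    """Accept a PIN only if it passes the rule and is not on the popular list."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four digits")
    return not issuer_rule_rejects(pin) and pin not in POPULAR

def popular_coverage():
    """Split the popular list into PINs the rule catches and PINs it misses."""
    caught = [p for p in POPULAR if issuer_rule_rejects(p)]
    missed = [p for p in POPULAR if not issuer_rule_rejects(p)]
    return caught, missed

def rejected_total() -> int:
    """How many of the 10,000 PINs the combined filter removes."""
    return sum(not is_acceptable(f"{n:04d}") for n in range(10_000))

if __name__ == "__main__":
    caught, missed = popular_coverage()
    print(f"rule catches {len(caught)} of {len(POPULAR)}; misses {missed}")
    print(f"combined filter removes {rejected_total()} of 10000 PINs")
```

Under that reading the pattern rule misses the repeated-pair and year-style PINs on the list, so a denylist built from observed usage is needed alongside it.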
|
Very interesting picture. Any four consecutive digits appear to be highly used.
|
Yeah - it's surprising how much human beings can skew what you might assume was pretty random data!
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt
AntiTwitter: @DalekDave is now a follower!
|