Recent Posts

1
General Discussion / Re: Fav quotes
« Last post by MrBogosity on February 23, 2017, 06:58:09 PM »
I'll keep that in mind.  I thought it sounded nice...>.>;;; anyways...yeah.

And I don't see anything like that in my copies of the Tao Te Ching, which is the only thing he wrote that survives. There might be a similar verse that got translated that way, but I don't see any obvious contenders.
2
General Discussion / Re: Fav quotes
« Last post by Travis Retriever on February 23, 2017, 06:15:01 PM »
Yeah, BrainyQuote's not a good source for those. They don't seem to make any effort to verify them the way Wikiquote does.
I'll keep that in mind.  I thought it sounded nice...>.>;;; anyways...yeah.
3
General Discussion / Re: Fav quotes
« Last post by MrBogosity on February 23, 2017, 03:48:56 PM »
My source:  https://www.brainyquote.com/quotes/authors/l/lao_tzu.html

Yeah, BrainyQuote's not a good source for those. They don't seem to make any effort to verify them the way Wikiquote does.
4
General Discussion / Re: Fav quotes
« Last post by Travis Retriever on February 23, 2017, 02:15:11 PM »
It also doesn't sound like something he would have said. I'm calling mistranslation or misattribution.
My source:  https://www.brainyquote.com/quotes/authors/l/lao_tzu.html
5
General Discussion / Re: Fav quotes
« Last post by MrBogosity on February 23, 2017, 07:04:17 AM »
I would have to disagree with that--at least with the romantic types of love.

It also doesn't sound like something he would have said. I'm calling mistranslation or misattribution.
6
General Discussion / Re: Fav quotes
« Last post by Ibrahim90 on February 23, 2017, 03:13:07 AM »
I put this here, since I recall Shane asked to see the video I mentioned, where Coughlan addresses MartinJWillet. It's not the original video, but it has a lot of elements that he brought up.

7
General Discussion / Re: Fav quotes
« Last post by Ibrahim90 on February 22, 2017, 06:20:27 PM »
"Being deeply loved by someone gives you strength, while loving someone deeply gives you courage."―Lao Tzu

I would have to disagree with that--at least with the romantic types of love.
8
General Discussion / Re: Fav quotes
« Last post by Travis Retriever on February 22, 2017, 03:06:54 PM »
"Being deeply loved by someone gives you strength, while loving someone deeply gives you courage."―Lao Tzu
9
The Podcast / Re: Podcast for 19 February 2017
« Last post by MrBogosity on February 21, 2017, 05:16:54 PM »
No, the PIN can be a part of hardened crypto if you do it right.

Just spitballing, but something like this:

Code:
acct = <account number>
PIN = <PIN>
key = <random 256-bit number local to the card, that never leaves it>

PrivKey = Ed25519(HMAC(key <key>, acct||PIN <message>))
PubKey = PrivKey.MakePublicKey()

The bank or payment processor would have the public key, which is all it would need (and it would be regenerated whenever the PIN is changed). So, when the card is used, you use the same technique to make the same PrivKey in the card, and then:

Code:
Sig = PrivKey.MakeSignature(TransactionID <message>)
The signature would then be sent to the bank, which would verify (or reject) it with the public key.

All keys would have the full 256 bits of entropy thanks to the random number on the card, which is absolutely necessary for the crypto. The PIN isn't stored anywhere; the user types in the correct PIN, which results in the crypto working, or an incorrect PIN, in which case the crypto fails.

You wouldn't even need to encrypt the data (or at least, this part of it) since nothing is transmitted which needs to remain secret, or can be substituted by a MITM in any way that will result in anything except a failed transaction.
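
The scheme sketched in the post above, as an added Go example that is not part of the original post. HMAC-SHA256 as the HMAC, use of the 32-byte MAC directly as the Ed25519 seed, the function names and the sample values are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveKey rebuilds the signing key inside the card from the card-local
// secret, the account number and the PIN as typed. Nothing here is stored:
// a different PIN simply yields a different, unrelated key.
// Assumption: HMAC-SHA256, whose 32-byte output is used as the Ed25519 seed.
func deriveKey(cardSecret []byte, acct, pin string) ed25519.PrivateKey {
	mac := hmac.New(sha256.New, cardSecret)
	mac.Write([]byte(acct + pin)) // acct||PIN as the HMAC message
	return ed25519.NewKeyFromSeed(mac.Sum(nil))
}

// enroll runs at issuance or PIN change; the bank keeps only the public key.
func enroll(cardSecret []byte, acct, pin string) ed25519.PublicKey {
	return deriveKey(cardSecret, acct, pin).Public().(ed25519.PublicKey)
}

// cardSign is the card's work at the terminal: re-derive the key, sign the transaction ID.
func cardSign(cardSecret []byte, acct, pin string, txID []byte) []byte {
	return ed25519.Sign(deriveKey(cardSecret, acct, pin), txID)
}

// bankVerify accepts only a signature made by the enrolled key over this exact transaction ID.
func bankVerify(pub ed25519.PublicKey, txID, sig []byte) bool {
	return ed25519.Verify(pub, txID, sig)
}

func main() {
	secret := make([]byte, 32) // constructed sample: random 256-bit card secret
	if _, err := rand.Read(secret); err != nil {
		panic(err)
	}
	acct, tx := "4000123412341234", []byte("txn-0001") // constructed sample values
	pub := enroll(secret, acct, "1234")
	good := cardSign(secret, acct, "1234", tx)
	fmt.Println("correct PIN verifies:", bankVerify(pub, tx, good))
	fmt.Println("wrong PIN verifies:", bankVerify(pub, tx, cardSign(secret, acct, "9999", tx)))
	fmt.Println("signature moved to another transaction verifies:", bankVerify(pub, []byte("txn-0002"), good))
}
```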
10
The Podcast / Re: Podcast for 19 February 2017
« Last post by evensgrey on February 21, 2017, 04:58:25 PM »
Well, the PIN isn't transmitted over the network (at least, not in the system as implemented in North America), the PINPad communicates with the chip in the card and the chip validates the PIN.  The problem is that not all banks enforce a direct, cryptographically secured and validated communication between the bank and the chip to verify the PIN confirmation.  Apparently, this is what the standard is supposed to require, but it's a detail that has been demonstrated to have been overlooked in at least some implementations.  The PINs are too short (only 17 bits) to be anything but payload in any sane encryption system.  In fact, they're really too short to make a good payload as well.

This whole thing might not have happened if they didn't decide they wanted the convenience of the card tap payment for smaller purchases.  Without that, there wouldn't be a reason to allow for not verifying the PIN cryptographically from all hard terminals on all transactions.