From: Mark 
Newsgroups: uk.finance uk.legal
Subject: Re: Credit Cards/Chip and Pin/ATM withdrawls
Date: Tue, 20 Dec 2005 11:18:15 +0000

On Thu, 15 Dec 2005 20:15:44 +0000, Cynic 
wrote:

>On Thu, 15 Dec 2005 15:46:38 +0000, Mark  wrote:
>
>>Thanks for the link.  It's hard to estimate the risk of, for example,
>>a man-in-the-middle attach without knowing at lot more how the chip
>>works.  If, for example, the chip contains a private key then the
>>chip itself must at lot of the work itself.
>
>A while back another poster said that the card has your PIN stored in
>an area that is inaccessible to the outside world.  In use, the POS
>passes to the card the entered PIN, the card's CPU accesses its
>internal storage and either confirms or denies a match.  After 3
>incorrect attempts, the card will set an internal "disable" flag and
>refuse to acknowlege further queries.
>
>The chip is sealed and physically difficult to access, and in any case
>would require *very* expensive equipment to be able to extract the
>contents of an area of its internal Flash memory even if it was
>possible to expose the silicon without damaging it.

Are you saying that the chip's secret key is just a 4 digit pin
number.  That makes the whole C&P a complete nonsense IMHO.

Mark.