Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • smeg@feddit.uk
    link
    fedilink
    English
    arrow-up
    1
    ·
    4 months ago

    I assumed as the card readers and cards are both offline devices they wouldn’t have a way to do this, are card blocks local in general?

    • SkunkWorkz@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      edit-2
      4 months ago

      Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

      • smeg@feddit.uk
        link
        fedilink
        English
        arrow-up
        1
        ·
        4 months ago

        That’s pretty cool. I wonder what (if any) tinkering you can do with a card if you’ve got physical access and some very precise tools.

        • SkunkWorkz@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          4 months ago

          Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.