The news is reporting yet another problem with Target security: this time, the headline is screaming “Target says hackers took encrypted PIN data but can’t crack it”.
I can’t resist that headline, so I had to see how Target was doing an unbreakable encryption. Before I dive in, remember your encryption basics: Alice wants to talk to Bob, and they have a shared secret that they use to encrypt the data (called the plain text) using some algorithm. This shared secret can either be shared out of band, pre-installed, or via some secret-sharing protocol.
So, what is Target saying this time?
The PIN data is encrypted as it’s entered by a customer at a keypad at checkout, protected with what’s known as Triple DES encryption, according to Target.
The PIN information stays encrypted within Target’s system and “remained encrypted when it was removed,” the Minneapolis-based company said.
The code can only be cracked when the data is received by Target’s external, independent payment processor, according to the retailer.
“What this means is that the ‘key’ necessary to decrypt that data has never existed within Target’s system and could not have been taken during this incident,” the company said Friday.
First, let’s look at this shared secret. It must be known by both sides, meaning it has to be available to the independent payment processor and to the keypad at checkout. There are three ways to do that: they could create a new secret each time and share it using a key exchange protocol (good, but expensive network-wise), they could store the secret on the debit card (easy and flexible, and unique for each user, but vulnerable to readers, plus you need to send the card number in plaintext to retrieve the key), or they could store the secret in the device. Target doesn’t say which they were doing, but I’m guessing it is the same for every keypad device. This means: capture a keypad device, capture the key.
Next, they are using 3DES. While this is better than DES, it isn’t as good as AES. They also don’t state the key length they are using, and this is a big factor in the ability to break the key.
Next, think about the data itself. It is likely the card number and the PIN that are being encrypted. If the bad guys are capturing data, it is easy to collect the encryptions of a number of known plaintexts, all under the same fixed key. You’ve now got a known plaintext attack.
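As an added illustration of the two points above (a key that lives in every device, and a fixed key applied to the same small set of plaintexts), here is a small Python script that is not from the original post and makes no claim about what Target or its processor actually deploy. The standard library has no 3DES, so a toy 64-bit Feistel cipher built from HMAC-SHA256 stands in for it; the 8-byte PIN block layout is constructed for the example; and the per-transaction key ratchet is an assumed, simplified scheme, shown only to contrast with the fixed-key case. Under a fixed key the captured records reveal which transactions share a PIN, and whoever obtains the device key can open every past record. With a one-way ratchet the device discards each key after use, so a device captured later cannot decrypt earlier records, while the processor, which holds the injected base key, can.

```python
import hashlib
import hmac

# Toy 64-bit Feistel block cipher with HMAC-SHA256 round functions.
# It stands in for 3DES only so the script runs with the standard library;
# the key-management properties demonstrated below do not depend on the cipher.
ROUNDS = 4
DEVICE_KEY = b"constructed-16B!"  # constructed 16-byte key injected into the pad


def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == 8
    left, right = block[:4], block[4:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, right, rnd))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == 8
    left, right = block[:4], block[4:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, left, rnd)), left
    return left + right


def pin_block(pin: str) -> bytes:
    """Constructed 8-byte layout: PIN length, PIN digits, 0xFF padding."""
    assert pin.isdigit() and 4 <= len(pin) <= 6
    return bytes([len(pin)]) + pin.encode() + b"\xff" * (7 - len(pin))


def fixed_key_records(device_key: bytes, pins):
    """Scheme 1: one fixed key per device, every PIN block encrypted directly.
    Equal PINs produce equal ciphertexts, so a captured stream leaks equality."""
    return [block_encrypt(device_key, pin_block(p)) for p in pins]


def ratchet(key: bytes) -> bytes:
    """One-way step to the next transaction key (assumed scheme)."""
    return hmac.new(key, b"next-transaction-key", hashlib.sha256).digest()[:16]


class PinPad:
    """Scheme 2: the pad ratchets its key after every PIN and forgets the old one."""

    def __init__(self, injected_key: bytes):
        self.key = injected_key
        self.counter = 0

    def encrypt_pin(self, pin: str):
        record = (self.counter, block_encrypt(self.key, pin_block(pin)))
        self.key = ratchet(self.key)  # previous key is no longer on the device
        self.counter += 1
        return record


def processor_decrypt(base_key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """The processor holds the base key and re-derives the key for any counter."""
    key = base_key
    for _ in range(counter):
        key = ratchet(key)
    return block_decrypt(key, ciphertext)


if __name__ == "__main__":
    pins = ["1234", "1234", "5678"]  # constructed sample of entered PINs
    fixed = fixed_key_records(DEVICE_KEY, pins)
    print("fixed key: distinct ciphertexts for 3 PINs =", len(set(fixed)))
    pad = PinPad(DEVICE_KEY)
    records = [pad.encrypt_pin(p) for p in pins]
    print("ratchet: distinct ciphertexts for 3 PINs =", len({ct for _, ct in records}))
    # A pad captured now holds only the current key; it cannot open record 0.
    print("captured pad opens record 0:", block_decrypt(pad.key, records[0][1]) == pin_block("1234"))
```

The second scheme costs nothing on the network (the counter travels with the record), which is the trade-off the first paragraph above raises against a full key exchange per transaction; what it does require is that the processor keep the per-device base key, so the decryption key still never has to exist at the retailer.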
In short: I wouldn’t trust Target’s platitudes here. If I had a debit card, I’d contact my bank to cancel it and get a new one. Yes, that will cost the bank, but they may convince Target to go to chip and pin. You simply don’t have any protection with a debit card.
Am I worried about Target and credit cards? Surprisingly, no. Target is no better or worse than any other American retailer, and you are still at greater risk giving your card to a strange waitcritter in a restaurant or over the phone when you order a pizza. Check your charges regularly, dispute any that aren’t valid, and if there is more than one disputed charge, cancel and get the card reissued. Enough of these problems, and the banks will move to chip and pin because it will be cheaper.
I’d welcome the thoughts of other cryptography folks on this one. Was my (admittedly limited) cryptographic analysis correct?
Looks about right to me.
What I don’t understand is – if they’re encrypting in one place, and only decrypting in another, why aren’t they using asymmetric encryption?