Of the many Target revelations, the company disclosed on January 10th that the breach included encrypted debit card PINs. When the PIN of a debit card, along with the other card data, ends up in the wrong hands, a counterfeit card identical in all respects can be produced, and because the PIN is known, that counterfeit card can be used to drain the victim's funds.
The good news is that, apparently, the encryption keys used to secure the PINs were not compromised: the keys presumably remained safe inside the point-of-sale payment terminals, and PCI mandates that these keys be unique to each terminal.
The slightly bad news is that Target was using 3DES rather than the much more secure AES algorithm. Target was also apparently using keys with a length of 112 bits rather than the safer 168 bits. (More on Target's use of 3DES can be found in Michael Mimoso's blog entry here.) To encrypt a PIN, Target apparently used Format 0 PIN blocks in ECB mode, in which the padded PIN is XORed with the last 12 digits of the card number before encryption (see Matthew Green's blog here for more detail). This means, of course, that when two customers have the same four-digit PIN, Format 0 produces a different encrypted value for each, because the account numbers differ.
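The Format 0 PIN block described above, as an added example that is not part of the original post and not Target's code: it builds the ISO 9564 Format 0 clear block (padded PIN XORed with the rightmost 12 PAN digits, check digit excluded) that a terminal would hand to 3DES, and shows that the same PIN yields different blocks for different accounts but an identical block for the same account every time. The PANs and PINs are constructed sample values, and no 3DES key is involved.

```python
"""ISO 9564-1 Format 0 PIN block construction (constructed example, not Target's code).

Constructed sample values only; the demonstration stops at the clear PIN block
that a payment terminal would feed to 3DES under its terminal-unique key.
"""


def pan_block(pan: str) -> bytes:
    # Rightmost 12 PAN digits, excluding the Luhn check digit, left-padded with "0000".
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 13:
        raise ValueError("PAN must have at least 13 digits")
    return bytes.fromhex("0000" + digits[-13:-1])


def pin_field(pin: str) -> bytes:
    # Format nibble 0, PIN length nibble, the PIN digits, then 'F' padding to 16 hex chars.
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4-12 digits")
    return bytes.fromhex(f"0{len(pin):X}{pin}".ljust(16, "F"))


def format0_pin_block(pin: str, pan: str) -> bytes:
    # The clear PIN block is the XOR of the two 8-byte fields; 3DES encryption follows.
    return bytes(a ^ b for a, b in zip(pin_field(pin), pan_block(pan)))


def recover_pin(block: bytes, pan: str) -> str:
    # Inverse step an HSM performs after decryption: XOR the PAN field back out, read the length nibble.
    clear = bytes(a ^ b for a, b in zip(block, pan_block(pan))).hex().upper()
    if clear[0] != "0":
        raise ValueError("not a Format 0 block")
    length = int(clear[1], 16)
    return clear[2:2 + length]


# Constructed sample PANs (not real accounts).
PAN_A = "4111111111111111"
PAN_B = "5500000000000004"

if __name__ == "__main__":
    # Same PIN, two accounts: different clear blocks, hence different ciphertexts under one key.
    print(format0_pin_block("1234", PAN_A).hex())  # 041225eeeeeeeeee
    print(format0_pin_block("1234", PAN_B).hex())  # 041234ffffffffff
    # Same PIN and same account: identical block on every visit, which ECB preserves in the ciphertext.
    print(format0_pin_block("1234", PAN_A) == format0_pin_block("1234", PAN_A))  # True
```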
However, the bad news is that hackers can conceivably identify the same shopper (i.e. the same account number, or PAN) returning to the stores again and again, perhaps using the same or different payment terminals. In fact, the hackers hold thousands, perhaps even tens of thousands, of debit card account numbers seen at the same payment terminal and at other terminals, and even though 3DES is not a hash, PINs are only four digits long.
Cryptography becomes vulnerable when you know some of the data before encryption, you know the characteristics and size of the unknown data (four digits), and you hold a large repository of ciphertexts that you know represent exactly the same data being encrypted over and over again under the same or related keys.
While breaking 3DES is difficult, in this case, given the above, the security of these encrypted PINs is much lower than it would be if a hacker had stolen a single encrypted PIN. While breaking into these PINs may be high-hanging fruit for these black hats, customers should, in all prudence, change their PINs or account numbers.