Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • SkunkWorkz@lemmy.world
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 months ago

    Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

    • smeg
      link
      fedilink
      English
      arrow-up
      1
      ·
      3 months ago

      That’s pretty cool. I wonder what (if any) tinkering you can do with a card if you’ve got physical access and some very precise tools.

      • SkunkWorkz@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        3 months ago

        Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.