Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

  • @SkunkWorkz
    link
    13 months ago

    No the card will disable it self after three failed attempts.

    • @[email protected]
      link
      fedilink
      English
      13 months ago

      I assumed as the card readers and cards are both offline devices they wouldn’t have a way to do this, are card blocks local in general?

      • @SkunkWorkz
        link
        1
        edit-2
        3 months ago

        Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

        • @[email protected]
          link
          fedilink
          English
          13 months ago

          That’s pretty cool. I wonder what (if any) tinkering you can do with a card if you’ve got physical access and some very precise tools.

          • @SkunkWorkz
            link
            2
            edit-2
            3 months ago

            Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.