Last week, I tried to register for a service and was really surprised by a password limit of 16 characters. Why on earth yould you impose such strict limits? Never heard of correct horse battery staple?

    • smeg@feddit.uk
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I assumed as the card readers and cards are both offline devices they wouldn’t have a way to do this, are card blocks local in general?

      • SkunkWorkz@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        Modern cards have a chip inside them that’s basically a very tiny computer. It can check how many times the pin was incorrect.

        • smeg@feddit.uk
          link
          fedilink
          English
          arrow-up
          1
          ·
          4 months ago

          That’s pretty cool. I wonder what (if any) tinkering you can do with a card if you’ve got physical access and some very precise tools.

          • SkunkWorkz@lemmy.world
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            4 months ago

            Even if you could you can’t recover the PIN from it. Since it’s not stored on the card, the chip checks the entered PIN against a secret key with cryptographic calculations if it is correct. But you can’t get the PIN from that secret key. Also if I remember correctly the chip will self destruct, as in wipes it’s data, when it detects that it’s being tampered with.