HSBC Secure Keys

HSBC Secure Keys

So I've been thinking about those little keypads that come with Internet bank accounts these days. They look like small calculators and are used to verify your credentials when logging on. While the details vary by bank, the process is usually that at some point during the log in, a window will prompt you to press some buttons on your Secure Key (which requires a pincode). This will generate a 6 digit number that you have to enter into the computer. Pressing it multiple times will generate different 6 digit numbers, but somehow that computer knows which one to accept.

The bizarre thing is that the Secure Key and the bank have no way of communicating with each other. I've done some digging around online and I can't find any official response as to how it works, which makes sense considering it is a security feature. However there are various discussions on the Stack Exchange and it seems that there are two main methods which could be used.

The first is that the Secure Key and the bank have synchronised clocks. The keypad generates the new 6 digit numbers as a function of its serial number and time which the bank can also work out. The entry window for receiving your code and entering it into the website is apparently just over 2 minutes based on investigations by some old blogs I've found from when the technology first came out, but I haven't tried it myself for fear of getting locked out of my bank,

The other possibility is that time is irrelevant for the process and the new codes are just a function of how many times you press the button to summon one up. If the code isn't entered into the website then the bank won't know you have wasted it. However you could have the website accept, say, one of the next hundred codes from the sequence and still have the same security as a normal pin number (1 in 1000). By getting you to enter two codes in a row if you had skipped some the bank could get around this drop in security. The advantage to this system is that you don't have to mess around with messy clock hardware.

20170321_220245.jpg
Duracell Bunnies vs Energizer Bunnies

Duracell Bunnies vs Energizer Bunnies

Mersenne Primes

Mersenne Primes