Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!killer!vector!nobody From: karl@ddsw1.mcs.com (Karl Denninger) Newsgroups: comp.dcom.telecom Subject: Re: PINs and Calling Cards as credit cards Message-ID: Date: 29 Jan 89 13:07:21 GMT Sender: chip@vector.UUCP Lines: 42 Approved: telecom-request@vector.uucp X-Submissions-To: telecom@bu-cs.bu.edu X-Administrivia-To: telecom-request@vector.uucp X-TELECOM-Digest: volume 9, issue 38, message 3 In article comdesign!ivucsb!steve@apple.com (Stevie Lemke) writes: >X-TELECOM-Digest: volume 9, issue 36, message 2 > >Sorry if this has already been discussed (don't know how I could've missed >it, but anyway...): > >Is the four digit PIN on a calling card computed from some sort of algorithm >or is it randomly assigned for each phone number? It just seems strange that >just about any phone anywhere can instantly tell if you dialed the correct >PIN that corresponds to your calling card number. A few years back I knew a person who had a matrix (on paper) of the mapping for these numbers. It was _SIMPLE_; only one or two digits of the "PIN" controlled whether the number you entered worked, and those digits mapped to your phone number. The algorythm was also 'dense' in that more than one mapping was valid (I got curious about the table and mapped my own phone number -- the number calculated did NOT match the one the Telco had issued but BOTH worked!) Thus it was possible (but highly illegal) to bill calls to numbers like "1-555-000-0000"! These calls would COMPLETE -- who knows where the bill went to. I assume that eventually these calls would end up in the "no such account" bin, and someone would get interested in them..... The worst part of this, of course, is that given a person's phone number you could bill calls to their line (!) Supposedly the information came from a group of people at a local university that had done a computer analysis on a large number of valid CC #s to derive the algorythm. Who knows if that part was true..... or where they got the "large number of valid CC#s" to start with..... for all I know he figured it out himself. I've no idea if this kind of thing is possible anymore - - but some years ago it certainly was! I would assume the telephone companies have something better than a simple digit-mapping scheme now if it is still based on an internal computation at all. -- Karl Denninger (karl@ddsw1.MCS.COM, ddsw1!karl) Data: [+1 312 566-8912], Voice: [+1 312 566-8910] Macro Computer Solutions, Inc. "Quality solutions at a fair price"