[loeg]

> Fun fact - in the initial spec this offline PIN was communicated between the terminal and the card in the clear. What could possibly go wrong :-). These days it is encrypted.

How do you encrypt a 4 digit number (PIN) in a way that is resistant to brute force recovery?

[amluto]

You set up an secure session (e.g. TLS, but you wouldn't do it that way) and send the 4 digit number over it. Or you use any standard cryptosystem with appropriate security guarantees (RSA-OAEP, AES-GCM, you name it).

What you don't do is shove the 4 digit number straight into an ECB mode cipher.

[TezlaKoil]

Diffie–Hellman key exchange?

Oh gosh, this feels just like my crypto finals :(

[StavrosK]

You don't. The card has a CPU on it that's the only thing that has access to the key and just refuses to authenticate any more after a few attempts.

At least that's how I'd do it.