90 Security De-engineering
of other banks, with the transaction encrypted using a shared key
with a network such as Visa, Mastercard, and Cirrus, for example.
e bank may not know it yet (although it probably will), but it has
to maintain a master key for each ATM, plus quite possibly also an
encryption key, authentication key, and keys for all banking networks
for which it is a member.
Banks in general face a huge key management challenge—certainly
ATMs are not their only worry. What about the thousands of online
banking customers who may have been set up with a private certi-
cate as part of a two-factor authentication challenge? What about the
several thousand employees whose passwords may be encrypted with
keys under some Kerberos-ty