00:07 <theartisan> Mine asks for individual letters of a password, so the pass is obviously plaintext... then 2-factor for transactions

00:08 <tarcieri> I like banks that make you pick a special passphrase they display to you

00:08 <tarcieri> and a special "security image"

00:08 <tarcieri> because there's no way to MitM that shit

00:08 <tarcieri> lol

00:10 <namelessjon> theartisan: They could have a dozen bcrypt'd fields. Not that it matters with a password space of 26 or 36 ;)

00:13 <namelessjon> Hmmm. Actually, could you do something with shamir's secret sharing, so that you did actually have to know all three/n letters together? (but even that wouldn't be a large password space)

00:15 <theartisan> Yeah, they tell me to protect my pin, but store it plain text in a database, leading by example...

00:16 <theartisan> Or as close to pain text...

00:17 <namelessjon> You hope in some kind of HSM for a bank. But only hope :/

00:20 <tarcieri> lol

00:20 <namelessjon> A secret sharing approach could make it 36^3, instead of 3*36, which is a factor of >100 harder, but its 100x a really tiny number.

00:24 <namelessjon> I'm off, though

00:24 <tarcieri> ttyl namelessjon