A bank wants to store the account number of its customers (an 8-digit number) in encrypted form on magnetic stripe ATM cards. Discuss the security of the following methods for storing the account number against an attacker who can read the magnetic stripe: (1) store a cryptographic hash of the account number; (2) store the ciphertext of the account number encrypted with the bank's public key using a public-key cryptosystem; (3) store the ciphertext of the account number encrypted with the bank's secret key using a symmetric cryptosystem.

What will be an ideal response?


In each of these cases, the account number is assumed to be a secret.

(1) This solution is not very secure, even though it is considered computationally difficult to determine the input to a cryptographic hash function given only its output. The problem is that there aren't that many plaintexts and the attacker can hash every possible 8-digit account number and check the stored hash on the card against this list.

(2) This solution is also not very secure if the public-key encryption algorithm it uses is deterministic, like RSA. The problem is that everyone knows the bank's public key and there aren't that many plaintexts; hence, the attacker can encrypt every possible 8-digit account number and check the encryption on the card against this list.

(3) This solution is quite secure, since only the bank's secret key can encrypt and decrypt this ciphertext, and once it is decrypted, then the bank also gets the account number, so no additional linkage between the card and the account number is needed. Moreover, the bank's secret key is not known by any attacker and it is assumed to be sufficiently long that there are a large number of possible ciphertexts even though the number of plaintexts is relatively small.
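The enumeration argument in cases (1) and (2), contrasted with a keyed value as in (3), as an added Python example that is not part of the original answer. It assumes a constructed toy RSA key, a 5-digit account space so it runs quickly (the 8-digit case is the same loop), and HMAC-SHA256 as a keyed stand-in for the symmetric cipher, since the standard library has no block cipher.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA public key (product of two Mersenne primes); not for real use.
N = (2**31 - 1) * (2**61 - 1)
E = 65537

def hash_store(acct: str) -> bytes:
    """Method (1): unkeyed cryptographic hash of the account number."""
    return hashlib.sha256(acct.encode()).digest()

def rsa_store(acct: str) -> bytes:
    """Method (2): textbook RSA, deterministic, computed from the public key only."""
    return pow(int(acct), E, N).to_bytes(12, "big")

def keyed_store(acct: str, key: bytes) -> bytes:
    """Stand-in for method (3): HMAC-SHA256 (not encryption) under a secret key."""
    return hmac.new(key, acct.encode(), hashlib.sha256).digest()

def enumerate_match(stored: bytes, transform, digits: int):
    """Return the account number whose transform equals `stored`, else None.

    `transform` may only use information available without the bank's secret.
    """
    for i in range(10 ** digits):
        candidate = f"{i:0{digits}d}"  # fixed width, leading zeros kept
        if transform(candidate) == stored:
            return candidate
    return None

def audit(acct: str, digits: int) -> dict:
    """Report which stored forms can be reproduced from public information."""
    bank_key = secrets.token_bytes(32)   # known only to the bank
    other_key = secrets.token_bytes(32)  # any key that is not the bank's
    return {
        "hash": enumerate_match(hash_store(acct), hash_store, digits),
        "textbook_rsa": enumerate_match(rsa_store(acct), rsa_store, digits),
        "keyed": enumerate_match(keyed_store(acct, bank_key),
                                 lambda a: keyed_store(a, other_key), digits),
    }

if __name__ == "__main__":
    # Constructed sample account number in a reduced 5-digit space.
    print(audit("04217", 5))
```

The hash and textbook-RSA entries come back as the account number, while the keyed entry is `None` because the candidate list cannot be computed without the bank's key.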

Computer Science & Information Technology
