
Hello, I have already downloaded the sim and have complied it in VS 2008 and have connected to it, and it works great. I am just wondering if there is any way to find out what CVK pair was used to generate the CVV for the given account number. I have the
PAN, the EXPDATE, the SVC, and the CVV(generated using Generate VISA CVV), and I am wondering if I can use this info to find out what CVK pair was used to generate the CVV. Now obviously I already know what CVK pair was used for the CVV i have just generated
but I am wondering if there is a process to do this in reverse.
Thanks, Mitur


Coordinator
Feb 9, 2010 at 10:27 PM

CVVs are the first three numerical digits of an encrypted block which is the result of two DES operations mixed with a XOR operation. It's obviously nontrivial to generate the CVV without knowing the key otherwise CVVs would have become totally useless
and obsolete.
The only way to find the key would be to break it. To generate a CVV, one DES operation uses a singlelength key and the other uses a doublelength key. Attacks have been known to exist for TripleDES, especially when triplelength keys are not used
(see http://en.wikipedia.org/wiki/Triple_des#Security and
http://people.scs.carleton.ca/~paulv/papers/Euro90.pdf). These attacks are not always practical but they become increasingly possible due to the largescale availability of large amounts
of RAM and processing power of new processors and video card GPUs (see
http://www.newscientist.com/article/dn12825). In the case of CVV, matters are a bit complicated by the fact that CVV is comprised of the first three numerical digits of the DES/XOR operation, so the block 2FFF 3FFF 4FFF 5FFF yields a CVV equal to 234 
same as the block F2FF FF3F FFF4 5FFF.

