ANSI X9.19 is yet another banking standard created by the ANSI X9 working group and published by the American Bankers Association.

X9.19 is essentially an update of ANSI X9.9, with a few minor changes to deal with the change from wholesale banking in X9.9 to retail banking in X9.19.

Like X9.9, X9.19 defines a standard for message authentication using DES in CBC mode. In fact, the basic mechanisms are identical, which is a sensible idea, since it allows hardware or software to be used in either situation.

X9.19 also includes an optional mechanism for making brute force attacks harder. The X9.9 MAC only allows up to a 56-bit key, which is not particularly secure. With X9.19, you can specify an additional 56 bit key which is used to strengthen the algorithm.

If the additional key is specified, the MAC is computed as normal, but after it has completed, the output is first decrypted with the second key, and then encrypted with the first key again.

The reason for this odd method is because, if the second part of the key is identical to the first, the MAC is exactly the same as that computed by X9.9. This way, one can implement X9.19 completely in hardware, and if X9.9 compatability is needed, simply set the two halves of the key to the same thing.

An especially funny thing about the ANSI X9 standards is the absolutely ridiculous cost of them. For example, ANSI X9.19 is $80 direct from ANSI. In total, the document is 20 double-sided pages (including useless introductory matter, disclaimers, and legalese), leading to a cost of about $4 per page! The document itself is "bound" with two pieces of slightly thicker paper, and three staples.

Log in or registerto write something here or to contact authors.