From: unruh on
On 2010-06-09, Datesfat Chicks <datesfat.chicks(a)gmail.com> wrote:
> "Matthias" <arnd-matthias.langner(a)arcor.de> wrote in message
> news:4c0eb2f8$0$6874$9b4e6d93(a)newsspool2.arcor-online.net...
>>
>> Now a simple to remember passphrase comes in, assume it to be
>> THEMADHATTER.
>
> Your proposed scheme seems to be a variation of OTP encryption.
>
> I think you've made it a bit too complicated. I think it will be enough to
> choose a passphrase meaningful only to you. If you speak any foreign
> languages, perhaps a sentence that is meaningful to you in a foreign
> language. Or maybe a line from a movie that is memorable to you.
>
> But if you have a strong passphrase (meaningful only to you), I think the
> encryption could be modulo 256 and somewhat simpler than you've proposed.
>
> It would be incredibly difficult for an attacker to guess such a passphrase
> out of the sea of possibilities.

Not if you, like the poster, wrote the passphrase on his card. It is
easy to guess then. He wants a way of being able to write the passphrase
on his card, so that only he can figure out what the true passphrase is
from that "hint".

>
> Besides, if I wanted your PIN code and it was a matter of life and death, I
> wouldn't go after the encryption -- I would go after YOU. YOU are the
> weakest link. I actually had this happen to a friend in Detroit. A couple

Not if you are a crook who wants to fleece his account. You do NOT want
to let him know he is being fleeced until long after. Your model of the
threat is a bad model.

> of guys confined him in a car. One was in the back seat, and had a wire
> around his neck (my friend was in the passenger's seat) and was applying
> pressure and threatening to strangle him if he didn't give up the PIN. The
> driver got out and used his ATM card. He honestly believed he was going to
> die.

I would pay $300 to get out of that as well (the limit on withdrawals
with my ATM card).
>
> You might also download a program such as Keepass and keep everything there
> (although this eliminates the possibility of figuring out your pin until you
> get home).

Not much use if you want to withdraw money when not at home.

>
> A second possibility is to just choose your PINs to be some numbers that
> only have meaning to a mathematician. Take the 10th prime number (don't know
> what it is), and use the digits of the square root, the cube root, the fourth
> root, etc. (Or, better yet, if you've only got a cheap calculator
> available, the square root, 4th root, 8th root, etc.).

Not much use if you forget exactly which convoluted process you used. He
wants a system such that he can write the passphrase on the card, but so
that only he can use what has been written there to actually withdraw
cash.


>
> For example, choose 101 as the prime and just keep pressing the square root
> key on a calculator. 1004 might be your first PIN, 3170 the second, 1780
> the third, 1334 the fourth, etc.

Now you want him to carry a computer with him?

>
> Datesfat
>
From: Globemaker on
On Jun 8, 5:15 pm, Matthias <arnd-matthias.lang...(a)arcor.de> wrote:
> I am looking for a 'wallet vault' that allows me to carry the pin codes
> of my diverse credit and ATM cards safely with me on a slip of paper and
> decipher them without the aid of computers or pocket calculators in a
> simple paper and pencil operation in a matter of minutes in case I forgot
> one of them.

My recommendation is to spell out the number and print it on paper
using Greek letters. A software tool like PassWord Mirror 4 helps to
print Greek or Cyrillic letters. I also use Cuneiform to print out my
pin number.

Here is an example of the preferred embodiment:
Pin = 4379

I know Greek letters from college and German numbers from my weeks in
Dusseldorf so...

fear dry zeben noin

I paste that in PassWord Mirror 4 and get Greek letters of German
words for my PIN
That software is at
http://toyonjungle.spaces.live.com/

If sci.crypt understood Greek letters the printout would look like
Greek:
φεαρ δρξ ζεβεν νοιν
From: Gordon Burditt on
>> For example, choose 101 as the prime and just keep pressing the square root
>> key on a calculator. 1004 might be your first PIN, 3170 the second, 1780
>> the third, 1334 the fourth, etc.
>
>Now you want him to carry a computer with him?

Yes, it's called a cellphone. Many of them have calculator apps. It
isn't limited to smartphones, either.
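
[Added example, not part of the original thread.] The repeated-square-root scheme quoted above, worked through in Python: it reproduces the four values given for 101 and shows what the same key presses yield afterwards. Taking the first four significant digits of each result is an assumption inferred from the quoted numbers; the function names are illustrative.

```python
import math

def first_four_digits(x):
    # Assumption: a "PIN" is the first four significant digits of the display.
    digits = f"{x:.10f}".replace(".", "").lstrip("0")
    return digits[:4]

def sqrt_pins(seed, count):
    """Press the square-root key `count` times, recording four digits each time."""
    pins, x = [], float(seed)
    for _ in range(count):
        x = math.sqrt(x)
        pins.append(first_four_digits(x))
    return pins

def first_repeat(pins):
    """Return (earlier, later) 1-based positions of the first repeated PIN, or None."""
    seen = {}
    for pos, pin in enumerate(pins, start=1):
        if pin in seen:
            return seen[pin], pos
        seen[pin] = pos
    return None

if __name__ == "__main__":
    pins = sqrt_pins(101, 20)
    for pos, pin in enumerate(pins, start=1):
        print(f"PIN {pos:2d}: {pin}")
    # Repeated square roots converge to 1, so the digits run out of variety.
    print("first repeat (positions):", first_repeat(pins))
    print("distinct PINs in 20 presses:", len(set(pins)))
```

Because repeated square roots approach 1, the tenth press repeats the first value and every press from the thirteenth on gives the same four digits, so one seed only covers a handful of cards.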


From: Maaartin on
On Jun 9, 1:02 am, unruh <un...(a)wormhole.physics.ubc.ca> wrote:
> No, an arbitrary number of tries per card. You just go to different atms
> and do two tries and then cancel. I have not tried it, (well I have) but
> I do not think that 10 bad tries on 5 different machines will trigger
> the confiscation routine.

Are you sure? The ATM communicates to the bank, so why should it ever
allow more than 3 tries?

On Jun 10, 12:04 am, Globemaker <alanfolms...(a)cabanova.com> wrote:
> fear dry zeben noin

It's not German, but it looks quite similar (and funny).

> If sci.crypt understood Greek letters the printout would look like
> Greek:
> φεαρ δρξ ζεβεν νοιν

It works, but it's not very safe. The German numbers are too similar
to English ones and many Greek letters are quite well-known and quite
similar to Latin ones. It's just a monoalphabetic cipher. However, the
Greek letters prevent most people from cracking it in the most
straightforward way: posting it to the internet, since they can't type
it.

On Jun 10, 12:48 am, gordonb.96...(a)burditt.org (Gordon Burditt) wrote:
> >> For example, choose 101 as the prime and just keep pressing the square root
> >> key on a calculator. 1004 might be your first PIN, 3170 the second, 1780
> >> the third, 1334 the fourth, etc.
>
> >Now you want him to carry a computer with him?
>
> Yes, it's called a cellphone. Many of them have calculator apps. It
> isn't limited to smartphones, either.

My cellphone can't compute sqrt, but it can save PINs protected by a
master password. However, I have no idea how secure it is, has
anybody?
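
[Added example, not part of the original thread.] The "monoalphabetic cipher" point above, shown with the one plaintext/printout pair that appears in this thread: the pair fixes a one-to-one letter table, and that table reads any other note written the same way. The second note (OTHER_NOTE) is constructed for illustration and the function names are illustrative.

```python
# The pair as posted in the thread.
PLAIN = "fear dry zeben noin"
NOTE = "φεαρ δρξ ζεβεν νοιν"
# Constructed sample: a different note written with the same letter table.
OTHER_NOTE = "νοιν ζεβεν δρξ φεαρ"

def learn_table(plain, cipher):
    """Build a cipher->plain table from an aligned pair.

    Raises ValueError if the pair is not a one-to-one (monoalphabetic)
    substitution with matching word boundaries.
    """
    if len(plain) != len(cipher):
        raise ValueError("texts differ in length")
    dec, enc = {}, {}
    for p, c in zip(plain, cipher):
        if p == " " or c == " ":
            if p != c:
                raise ValueError("word boundaries differ")
            continue
        # setdefault returns the existing entry, so any conflict shows up here.
        if dec.setdefault(c, p) != p or enc.setdefault(p, c) != c:
            raise ValueError("not a one-to-one substitution")
    return dec

def decode(note, table):
    """Translate a note letter by letter; unknown symbols become '?'."""
    return "".join(" " if ch == " " else table.get(ch, "?") for ch in note)

if __name__ == "__main__":
    table = learn_table(PLAIN, NOTE)
    print(len(table), "letters learned from one note")
    print(decode(OTHER_NOTE, table))
    # A letter never seen in the known pair stays unknown.
    print(decode("πιν", table))
```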

From: Fritz Wuehler on

> Cynlsnve.
>
> ebffhz

Vf gung gur fnzr ng EBG13? Gungf jung V jbhyq unir fhttrfgrq.