Matthias <arnd-matthias.langner@xxxxxxxx> writes:

I am looking for a 'wallet vault' that allows me to carry the pin codes

... I convert it two digit wise into hexadecimal format, yielding 38

4E.

Seems way too complicated. Who are you trying to protect these numbers

against? What kinds of attacks do you think they can use? The usual

situation with an ATM card is if you guess the wrong PIN three times in

a row, the machine confiscates or invalidates the card.

My imagined opponent is a clever thief. I read the story of an elderly

lady in my newspaper, who wrote down her pin codes as fictitious phone

numbers in her notebook. It took the thief only several phone calls to

get a clue ....

So it's likely enough to do something very simple and then keep the

method to yourself.

Security by obscurity is not always a good idea. My assumption was: The

thief has my wallet with all the credit and ATM cards along with the slip

of paper with the enciphered pin codes. He has an idea which information

this slip of paper might contain and which algorithm I may have used, and

he has - as you mentioned - three tries per card.

No, an arbitrary number of tries per card. You just go to different ATMs

and do two tries and then cancel. I have not tried it (well, I have), but

I do not think that 10 bad tries on 5 different machines will trigger

the confiscation routine.

Of course it is obvious that trivial passwords (first names or birth

dates of wife or kids ...) are insecure in this scenario. I assume a not

too easy to guess passphrase.

I accept 'way too complicated' if it implies reasonably secure, but this

is a logical non sequitur. Complicated is not necessarily secure. This

was the point of my question.

Matthias

