Diary of a mad man
Carry your PIN number in your wallet
I have a confession to make. I have been carrying the PIN number to my credit cards in my wallet for the last five years!
In my wallet I have a slip of paper right next to each of my cards that looks like this…
A B C D E F G H I
6 9 2 1 6 2 4 0 1

J K L M N O P Q R
8 7 9 1 7 2 3 2 4

S T U V W X Y Z
7 7 2 8 1 7 2 0
… I can remember a four-letter word more easily than four random numbers and have challenged many people to guess my PIN number from it. E.g. if the four-letter word was MOVE then the PIN would be 1286, and if the four-letter word was CHIP then the PIN would be 2013.
In cryptographic terminology this is classed as a one-way hash, a terrible idea for encrypting data on the internet, but for data as small as 4 numbers it works quite well. 4 numbers only gives (10^4 =) 10000 combinations at the best of times, although there are things that can be done to try and break it.
If we take a standard dictionary file (/usr/dict/words) there are 1778 four letter words that could be used. Based on the example matrix above that equates to 907 different PIN numbers. While this is still too many to guess at random we are down a long way from the 10000 original possibilities. I’ll let you decide if that is an acceptable risk.
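The count described above can be reproduced for any table. The following Python sketch is an added example, not code from the original post: it encodes the example table, groups a word list by the PIN each word produces (letters that share a digit make several words collapse onto one PIN), and builds a fresh table from the operating system's CSPRNG. The function names and the sample word list are constructed for illustration.

```python
import secrets
import string

# Letter -> digit table copied from the post's example slip.
POST_TABLE = dict(zip(string.ascii_uppercase, "69216240187917232477281720"))

def new_table():
    """Fresh table: one independent CSPRNG digit per letter."""
    return {c: str(secrets.randbelow(10)) for c in string.ascii_uppercase}

def pin_for(phrase, table):
    """PIN for a word or spaced phrase ("MOVE", "A DOG"); needs exactly 4 letters."""
    letters = [c for c in phrase.upper() if c in table]
    if len(letters) != 4:
        raise ValueError(f"{phrase!r} does not contain exactly four letters")
    return "".join(table[c] for c in letters)

def candidate_pins(words, table):
    """Group the four-letter words of a list by the PIN they produce.

    The number of keys is how many PINs remain plausible to someone who
    holds the slip and assumes the memory word is in that list.
    """
    groups = {}
    for raw in words:
        word = raw.strip().upper()
        if len(word) == 4 and all(c in table for c in word):
            groups.setdefault(pin_for(word, table), []).append(word)
    return groups

# Constructed sample list; pass a real word list (one word per line) to
# candidate_pins() to measure your own table the way the post does.
SAMPLE_WORDS = ["move", "dove", "wove", "love", "chip", "cake", "a", "secure"]

if __name__ == "__main__":
    groups = candidate_pins(SAMPLE_WORDS, POST_TABLE)
    four = sum(len(v) for v in groups.values())
    print(f"{four} four-letter words -> {len(groups)} distinct PINs")
    for pin, ws in sorted(groups.items()):
        print(pin, ws)
    print("fresh table:", "".join(new_table().values()))
```

Running the grouping over your own word list and table gives the equivalent of the 1778 and 907 figures for that table.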
It’s worth noting that while most people would probably use a four-letter dictionary word, there’s nothing stopping you from using things like “A DOG” or “I RUN” or even a passphrase: “Am I Nicely Secure?” = AINS.
What are your views? Foolish or clever? Are there any other wallet tricks that people know?
This entry was posted by Dogsbody on 4 Mar 2011 at 12:01 am, and is filed under Security.




about 2 years ago
Interesting idea. Words/letter combinations easier to remember than four digits, so see the benefit.
Do you have a different lookup table for each card?
And if so, does that pose a new risk to using the wrong table?
about 2 years ago
Yes, a different lookup table for each card allows the pin for each card to be different but the word to be the same.
I don’t think there is any risk of using the wrong table as each table sits behind its card in the wallet but you obviously have to use different random digits for each card else it would be obvious which four letters were being used.
Humans are very bad at generating random numbers so this could be another attack vector, but we are talking about very small amounts of data and a quick program or even a spreadsheet can be used to generate a more random table.
about 2 years ago
cake = 2676?
I usually remember the shape the combination makes on the keypad
about 2 years ago
No
Shapes work well too but you do need a separate shape for all your PINs else they will all be the same again.
about 2 years ago
Good idea, I too remember words but came unstuck when presented with a card terminal that didn’t have letters next to the numbers.
about 2 years ago
My PIN is now in muscle memory, as proven by the fact that I can buy many drinks at a bar whilst faaaar too drunk.