 Security mal anders - oder - Hacking für Manager |
| |
|
Remember PIN codes for cash cards, mobile phones and others. |
| |
|
The idea |
| |
|
Have you ever dreamed of writing down your cash card pin and keep the note in your wallet? Or writing the pin of your mobile phone directly on the phone? Here is how it works - safe*! |
| * see Disclaimer at end of page |
| |
The only unbreakable code is by using the so called One-time-pad. This means, that during encryption a key is used that is at least as long as the text to be encyphered and that the key is only used once. This method qualifies perfectly for encrypting pin codes for your mobile phone or your cash card.
|
| |
|
How it works |
| |
First, find a word that meets the following conditions:
at least 10 characters long
within the first ten digits any character may only appear once
Finding such a word is not that easy, but after a few minutes you should have found a few. You may of course also use names or colloquial language. If you find a word that in addition sounds funny, it is even better (to remember).
Here are a few samples:
SPIDERWOMA N
WEBSURFING
MICHAELBOW ERS
CRYPTOGRAM
Let us take the word SPIDERWOMAN. It has 11 characters and within the first ten no character appears twice. SPIDERWOMAN will be our codeword.
Lets assume further, that we want to write down the PIN of our mobile phone. The PIN is 6409.
We then take the n-th character of the codeword SPIDERWOMAN, where n is a number out of the PIN 6409.
The 6th character of the codeword is R, the 4th is D, the 10th (=we take that as zero) is A and the 9th is an M.
1234567890
SPIDERWOMA N
_____R____ = 6
___D______ = 4
_________A = 0
________M_ = 9
ergibt 6409 = RDAM
We have now created RDAM out of 6409, wich we can note on a sheet of papaer and keep that in our wallet.
Of course you should not write down the codeword, and you better never ever forget it. |
| |
| |
|
Forgot your PIN? |
| |
|
Nothing easier than that. See, what we have written down : It is RDAM. Now just check on what position in our codeword SPIDERWOMAN these characters are. R is on position 6, D is on position 4, A is on position 10. which we take as zero and M is on position 9. That was our PIN. RDMA = 6409.
|
| |
| |
| |
|
Forgot your codeword? |
| |
No problem - as long as you still remember one or more PINs that were encyphered using the same codeword. You just work the other way around.
Have you forgotten also all your PINs you are lost - for sure. This method has no technical approach to hack your codeword.
Let us assume you remember the PIN of your mobile phone (6409) and the one from your car stereo (2371). Both PINs were encyphered with the same codeword and you have written down the following results:
Mobile = RDAM
Car stereo = PIWS
As we also remember the PINs themselves we can now rearrange the characters on the correct position of the codeword
That would be for RDAM = 6409 :
_ _ _ D _ R _ _ M A
We do the same in addition with PIWS = 2371
_ P I D _ R W _ A N
Even if some characters are missing, we see right away what our codeword was as long as our brain still works a little bit - it was SPIDERWOMAN.
| |
| |
|
Hack this code |
|
| |
This method can not be attacked using mathematical or statistical approaches. The only way is to spy out PINs that you handle more careless than the PIN from a cash card. For example I might see you tiping in your PIN for your mobile phone. If I then also would have access to the created code RDAM I can use the above mentioned method to find out your codeword. Then any other PINs are easy to calculate. Pay attention to this, because you have not used a One-Time-Pad if you encrypted more than one PIN.
Please keep in mind, that it is possible to find the code word, if you have encrypted many PINs with the same word and also wrote them on the same sheet of paper. The hacker needs to know the method you have used and can then find the word searching for anagrams of all characters. |
| |
| |
|
Enhancement |
| |
Of course, you may also use words as codeword that do have duplicates of characters. In that case just make sure they have at least ten different charcters in total. These words are by nature relatively long.
Strike out the duplicate characters and work with what is left.
Example:
PIN = 6409
Codeword = CRYPTOGRAPHY
will become CRYPTOGRAPHY = CRYPTOGAHY
and therefore 6409 will become OPYH |
| |
| |
|
Disclaimer |
| |
|
Even if this method withstands every mathematical and statistical attack, you should never write down PINs of cash- oder credit cards or other PINs that may cause financial or any other harm to a person or a thing if the PIN is not secret any more. The method described here should then not be used and I therefore will not be responsible if you use the method in another way. |
| |
