How a Hacker Remembers a PIN

If you have more than a few bank cards, door-entry keycodes, or other small numeric passwords to remember, it eventually gets to be a hassle. The worst, for me, is a bank card for a business account that I use once in a blue moon. I probably used it eight times in five years, and then they gave me a new card with a new PIN. Sigh.

Quick, What’s My PIN?

How would a normal person cope with a proliferation of PINs? They’d write down the numbers on a piece of paper and keep it in their wallet. We all know how that ends, right? A lost wallet and multiple empty bank accounts. How would a hacker handle it? Write each number down on the card itself, but encrypted, naturally, with the only unbreakable encryption scheme there is out there: the one-time pad (OTP).

The OTP is an odd duck among encryption methods. They’re meant to be decrypted in your head, but as long as the secret key remains safe, they’re rock solid. If you’ve ever tried to code up the s-boxes and all that adding, shifting, and mixing that goes on with a normal encryption method, OTPs are refreshingly simple. The tradeoff is a “long” key, but an OTP is absolutely perfect for encrypting your PINs.

The first part of this article appears to be the friendly “life-hack” pablum that you’ll get elsewhere, but don’t despair, it’s also a back-door introduction to the OTP. The second half dives into the one-time pad with some deep crypto intuition, some friendly math, and hopefully a convincing argument that writing down your encrypted PINs is the right thing to do. Along the way, I list the three things you can do wrong when implementing an OTP. (And none of them will shock you!) But in the end, my PIN encryption solution will break one of the three, and remain nonetheless sound. Curious yet? Read on.

Continue reading “How a Hacker Remembers a PIN”

Decypering The Illuminati

A few months ago, a strange account popped up on Whoever is behind this count is based in Bielefeld, Germany – a place that doesn’t exist. They are somehow related to the Berenstain / Berenstein Bears dimensional rift, and they may be responsible for giving Cap’n Crunch only three rank insignia on his uniform. There is something very, very strange about this account. Since August, a black and white image of static, 98 pixels wide and 518 pixels tall has sat on this account profile. The Illuminati has given us enough clues, but until now, no one has managed to crack the code.

The first person to make sense out of the patterns in static is [Moritz Walter]. What’s in the code? More codes. While that’s not really helpful, it is to be expected.

SecretCodes2The hackaday illuminati included one additional piece of information with their encoded static image: a 12×12 pixel bitmap. When this bitmap was XORed with the main image, symbols appeared. In total, there are only seven unique symbols in the image. These symbols seem to be stolen from the Fez alphabet, but there are some significant differences. These symbols are rotated multiples of 90 degrees, and are surrounded by a one pixel border that is either black or white (we’re calling the border a ‘sign’ bit). In total, these seven symbols arranged in four different rotations with two different signs yields forty unique variations of a symbol in the decoded image. At this point, it should be noted 7*2*4 = 56.

As of now, cracking the illuminati’s cyphered machinations has hit a roadblock. There’s a dead image file on the illuminati’s profile. Until that image is rehosted, there is no way to progress any further. That’s not going to stop people from trying, though: the chat channels on have been buzzing about the newly decrypted images. Hopefully, with time, someone will figure out what it all means.

7400 project encrypts and decrypts data

[Nakul], [Nikilesh], and [Nischal] just finished posting about their entry in the 2012 Open 7400 Logic competition. It’s an encryption system based entirely on 7400 logic chips. The device operates on 8-bit binary numbers, which limits its real-world applications. But we bet they learned a lot during the development process.

The encryption algorithm is based on a the concept of cellular automaton. This is a something with which we’re already familiar having seen many Conway’s Game of Life projects around here. What we’re not familiar with is this particular wing of the concept called ‘Rule 30‘. It works well with this project because a complex pattern can be generated from simple beginnings.

After conceptualizing how the system might work the team spent some time transferring the implementation to the chips they had available. The end result is a quartet of chip-packed breadboards and a rat’s nets of wires, but the system is capable of both encrypting and decrypting data.