Memory-only selection of dictionary PINs

Martin Stanek

We estimate the security of dictionary-based PINs (Personal Identification Numbers) that a user selects from his/her memory without any additional aids. The estimates take into account the distribution of words in source language. We use established security metrics, such as entropy, guesswork, marginal guesswork and marginal success rate. The metrics are evaluated for various scenarios -- aimed at improving the security of the produced PINs. In general, plain and straightforward construction of memory-only dictionary PINs yields unsatisfactory results and more involved methods must be used to produce secure PINs.

Knowledge Graph



Sign up or login to leave a comment