Suppose you choose "A4RT" as your codeword. The codeword has no privacy concern
(it does not identify you) and is dynamic -- you can change it at will, if you
suspect someone else got it.

Compare with the other two identifiers that Citibank is using. Your full name
is private and static. The ATM's last-four is private and static too (unless
you want the burden to change your card often).

Lance James wrote:
But from your point, the codeword would be in the clear as well. Respectively speaking, I don't see how either solution would solve this.

Ed Gerck wrote:
In an effort to stop phishing emails, Citibank is including in a plaintext
email the full name of the account holder and the last four digits of the
ATM card.

