There should be a formal security analysis supporting why this design is secure. The main things to analyse are:
The one-time pad (OTP) based encryption scheme used to encrypt the PIN codes. The main issue here is that the OTP key is used to encrypt several codes. If the codes are in turn randomly selected this should be fine, otherwise not.
What happens if a code is updated? The adversary who is assumed to have access to the database can detect changes. This suggests that #4 (archiving) is a good idea from more than one perspective.
13 would probably violate one of the properties required for the OTP: the distribution of ciphertext-plaintext pairs would no longer be uniform.
18 to ensure that this doesn't leak any information about the login code.
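The pad-reuse and update-detection points above, as an added example that is not part of the design under review. It assumes each code is XORed with the same pad bytes and that a PIN is stored as four ASCII digits; the page specifies neither, and all names and sample codes are constructed for illustration.

```python
import secrets

DIGITS = bytes(range(0x30, 0x3A))   # ASCII '0'..'9' (assumed PIN encoding)
ANY_BYTE = bytes(range(256))        # codes drawn uniformly from all byte values

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def observed_difference(c1: bytes, c2: bytes) -> bytes:
    """What a database reader learns from two ciphertexts under one pad:
    c1 ^ c2 == p1 ^ p2, because the pad cancels out."""
    return xor(c1, c2)

def surviving_candidates(diff: bytes, alphabet: bytes) -> list:
    """Per position, how many values of the first code remain possible
    given the difference and that both codes come from `alphabet`."""
    allowed = set(alphabet)
    return [sum(1 for a in allowed if a ^ d in allowed) for d in diff]

def demo() -> dict:
    pad = secrets.token_bytes(4)          # one pad, reused for both codes
    old, new = b"1867", b"9012"           # constructed sample codes
    c_old, c_new = xor(old, pad), xor(new, pad)
    diff = observed_difference(c_old, c_new)
    return {
        # The difference is independent of the pad.
        "pad_cancels": diff == xor(old, new),
        # A stored ciphertext changes exactly when the code changes.
        "update_visible": c_old != c_new,
        # Structured codes: fewer than 10 digits survive per position.
        "digits": surviving_candidates(diff, DIGITS),
        # Uniformly random byte codes: every value still possible.
        "random_bytes": surviving_candidates(diff, ANY_BYTE),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With digit-encoded codes the difference cuts the 10,000 possible values of the first code down to 4 × 4 × 8 × 8 = 1,024, while uniformly random byte codes keep every value possible at every position.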