>Solitaire (...) was featured in Neal Stephenson’s book Cryptonomicon under the name “Pontifex”.

It was introduced under the name "Solitaire", "Pontifex" was used initially as a temporary code-word when characters couldn't speak freely.

I've always wondered if just using plain RC4 (adapted to a card deck) would be simpler (and probably more secure). Adding two-digit (0..52) numbers by hand is easy for almost everyone, and RC4's swap step is no more involved than the `cut` operation of Solitaire. The only downside is that it requires user to keep track of `i` and `j` - two additional two-digit numbers (in memory, because writing anything down is against the threat model of characters in the story). I agree it's error-prone. But, assuming temporarily writing things down with pen and paper is OK according to my threat model, I think RC4 would work nicely.

Of course Bruce is the world-class expert in cryptography and I'm not, so you should probably ignore my grumbling here :).

This article notes that the algorithm "leaks information at a rate of 0.0005 bits per character" and as such it's fine for encrypting a tweet but not a novel. Can someone with a better understanding of cryptography put 0.0005 bits per character in context? Maybe suggest a practical upper limit to its usefulness that's more specific? More than 140 characters but less than a whole book leaves a lot of wiggle room.

edit: To be clear I mean someone with a better understanding of cryptography than me. I don't doubt the author's expertise.

One of the interesting parts of this is the key exchange. Handing off a deck of cards works - but that's not always practical.

Fortunately, many major newspapers distribute keys each day.

                 S A 6 3
                 H Q 2
                 D Q 10 8 7 4 2
                 C K 5

    WEST                        EAST

    S 7                         S J 10 9 2
    H J 10 9 8 5                H K 7 6 4 3
    D A J 6 3                   D K 9
    C J 10 8                    C A 9


                S K Q 8 5 4
                H A
                D 5
                C Q 7 6 4 3 2
And there are so many to chose from
My favorite low-tech cipher(e.g. if I ever have to encrypt something by hand) is Quagmire III[0], notably used to encrypt sections K1 and K2 of Kryptos[1].

[0]: [1]:

Weakness discussed here
In the age of mobile devices littered with sensors, randomness is far more achievable.

I made a random number generator in Automate that takes takes the end digits that are really just noise and put that into a random seed.