Re: exploring the use of manual encryption of passwords (newbie)
From: jcastro (jcastro_at_tj.rj.gov.br)
Date: 09/28/04
- Next message: Paul Rubin: "Re: exploring the use of manual encryption of passwords (newbie)"
- Previous message: Damian Menscher: "Re: Any truth to rumor that NSA had Public Key Crypto first?"
- In reply to: Alex D: "exploring the use of manual encryption of passwords (newbie)"
- Next in thread: Alex D: "Re: exploring the use of manual encryption of passwords (newbie)"
- Reply: Alex D: "Re: exploring the use of manual encryption of passwords (newbie)"
Date: 28 Sep 2004 14:32:23 -0700
Hi, Alex.
Your idea of simple manual encryption is interesting, but you will need
extra care with your notebook: anyone who puts his hands on it and types
everything into a computer will be able to break the encryption.
This said, to the algorithm proper:
> To have a quick conversion using simple mathematical operations, passwords are
> all-digits; should a site impose the use of alpha chars, they are added
> unencrypted; the essence is the remaining string of digits.
This is bad; gives too much information to an attacker. Better encode
digits/alpha into a consistent numeric alphabet:
0..9 as themselves, A..Z as 10..35. Thus, you would do arithmetic
modulo 36.
> The operation would be to do a simple modulo add of password digits and
> corresponding key digit:
> :123781263478 ("password")
> #442348129322 (key)
> =565029382790 (real password)
This is a decryption operation, not encryption: the encrypted value is
in your notebook, and you use the key to get the plaintext (the
password to your ISP/site/etc). And the private key must be maintained
secret (in your brain, preferably), and not be obvious (no names, no
birthdate, no ssn, etc).
An adding modulo (alphabet size) of plaintext and key is simple enough,
but gives margin to attack - if one knows that one password encrypted
is just digits in plaintext, he can narrow the possible keys to give
only digits when decrypting. So, the more reason to keep your notebook
secure.
For item 2:
> Often, keys must be arranged in grids (e.g. Playfair), then some (sometimes
> relatively) complicated algorithm must be applied to transform cleartext
> characters into cyphertext. Why not use this scheme: for each (plaintext, key)
> character pair, draw a "vector" (x,y displacement) from plaintext char to key
> char; then extend the vector in the same direction. The character found under
> the resulting position is the cipher char.
Can work, provided that the vector can wrap around the square's sides.
Not much better than Playfair, I guess. And, IMHO, it's somewhat hard
for me to visualize the vectors.
José de Castro Arnaud.
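
Added example, not part of the original message: the modulo-36 scheme described in the reply, plus the key-narrowing weakness it mentions when an entry is known to decrypt to digits only. The function names, KEY and the sample passwords are constructed for illustration.

```python
import string

# Numeric alphabet from the reply: 0..9 as themselves, A..Z as 10..35.
ALPHABET = string.digits + string.ascii_uppercase

def combine(text, key, sign=1, alphabet=ALPHABET):
    """Position-wise (text + sign*key) mod len(alphabet)."""
    n = len(alphabet)
    return "".join(
        alphabet[(alphabet.index(t) + sign * alphabet.index(k)) % n]
        for t, k in zip(text, key)
    )

def to_real(notebook, key, alphabet=ALPHABET):
    """Notebook entry + key -> the password actually typed at the site."""
    return combine(notebook, key, +1, alphabet)

def to_notebook(real, key, alphabet=ALPHABET):
    """Inverse: what gets written in the notebook for a given real password."""
    return combine(real, key, -1, alphabet)

def key_candidates(notebook, plaintext_chars=string.digits, alphabet=ALPHABET):
    """Per position, key symbols that map the entry onto an allowed plaintext symbol."""
    n = len(alphabet)
    return [
        {alphabet[(alphabet.index(p) - alphabet.index(c)) % n] for p in plaintext_chars}
        for c in notebook
    ]

def narrow(entries):
    """Intersect candidates over several digit-only entries made with the same key."""
    sets = [key_candidates(e) for e in entries]
    return [set.intersection(*column) for column in zip(*sets)]

# Constructed sample data (not from the thread).
KEY = "K3Y9Q2"
REALS = ["482915", "730264"]  # digit-only site passwords
ENTRIES = [to_notebook(r, KEY) for r in REALS]

if __name__ == "__main__":
    print("notebook entries:", ENTRIES)
    print("key candidates per position, one entry:",
          [len(s) for s in key_candidates(ENTRIES[0])])
    print("key candidates per position, two entries:",
          [len(s) for s in narrow(ENTRIES)])
```

Each additional digit-only entry written with the same key shrinks the candidate set further, which is why the notebook itself has to be protected.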