Re: exploring the use of manual encryption of passwords (newbie)

From: Alex D (anon_at_anon.anon)
Date: 09/29/04


Date: Tue, 28 Sep 2004 23:28:28 GMT


(for some reason my M$ does not want to prefix the usual '>' and indent in
this reply, while this works for other messages in this NG, so please ask Bill
why)

"jcastro" <jcastro@tj.rj.gov.br> wrote in message
news:1096407143.246725.272930@h37g2000oda.googlegroups.com...
Hi, alex.

Your idea of simple manual encryption is interesting, but you will need
extra care with your notebook: anyone who puts his hands on it and types
everything into a computer will be able to break the encryption.

alex: I suppose by a brute-force attack on the target system? Because the key
won't be found, and the written-down numbers have no information.

This said, to the algorithm proper:

> To have a quick conversion using simple mathematical operations, passwords are
> all-digits; should a site impose the use of alpha chars, they are added
> unencrypted; the essence is the remaining string of digits.

This is bad; gives too much information to an attacker. Better encode
digits/alpha into a consistent numeric alphabet:
0..9 as themselves, A..Z as 10..35. Thus, you would do arithmetic
modulo 36.

alex: ah, but I cannot handle modulo 36 arithmetic in my head, so I limit my
alphabet to 10 digits (that's already hard enough :-)).

An adding modulo (alphabet size) of plaintext and key is simple enough,
but gives margin to attack - if one knows that one password encrypted
is just digits in plaintext, he can narrow the possible keys to give
only digits when decrypting. So, the more reason to keep your notebook
secure.

alex: But private key and passwords are maybe 10-15 digits long, so shouldn't
be broken in years; time enough to replace the passwords should the piece of
paper get compromised?
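
The narrowing discussed in this exchange, as an added example that is not part of the original post: it counts how many keys remain consistent with "every plaintext is all digits" when several notebook entries share one key, for the modulo 36 alphabet and for the 10-digit alphabet. The key values, passwords and function names are constructed for illustration.

```python
import string

ALPHABET = string.digits + string.ascii_uppercase  # 0..9 as themselves, A..Z as 10..35

def encrypt(plaintext, key, m=36):
    """Add key to plaintext symbol by symbol, modulo the alphabet size m."""
    return "".join(ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % m]
                   for p, k in zip(plaintext, key))

def decrypt(ciphertext, key, m=36):
    """Subtract key from ciphertext symbol by symbol, modulo m."""
    return "".join(ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % m]
                   for c, k in zip(ciphertext, key))

def key_candidates(ciphertexts, position, m=36):
    """Key values at one position that decrypt every ciphertext to a digit."""
    survivors = set(range(m))
    for ct in ciphertexts:
        c = ALPHABET.index(ct[position])
        # A key value k is possible only if (c - k) mod m is one of 0..9.
        survivors &= {(c - d) % m for d in range(10)}
    return survivors

def remaining_keyspace(ciphertexts, key_len, m=36):
    """Number of whole keys still consistent with all-digit plaintexts."""
    total = 1
    for i in range(key_len):
        total *= len(key_candidates(ciphertexts, i, m))
    return total

# Constructed sample data (assumptions, not values from the thread).
KEY36 = "K3Z90QW1"      # key over the 36-symbol alphabet
KEY10 = "58203746"      # key over digits only
PASSWORDS = ["40917263", "95082714", "03659481"]

if __name__ == "__main__":
    notebook36 = [encrypt(p, KEY36) for p in PASSWORDS]
    notebook10 = [encrypt(p, KEY10, m=10) for p in PASSWORDS]
    print("mod 36, full key space:    ", 36 ** 8)
    print("mod 36, one entry seen:    ", remaining_keyspace(notebook36[:1], 8))
    print("mod 36, three entries seen:", remaining_keyspace(notebook36, 8))
    print("mod 10, three entries seen:", remaining_keyspace(notebook10, 8, m=10))
```

With the modulo 36 alphabet each all-digit entry leaves at most 10 of 36 key values per position, and further entries under the same key shrink that set again. With the 10-digit alphabet every key decrypts to digits, so this particular check removes nothing.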


