Re: exploring the use of manual encryption of passwords (newbie)

From: Alex D (anon_at_anon.anon)
Date: 09/29/04


Date: Tue, 28 Sep 2004 23:28:28 GMT


(for some reason my M$ does not want to prefix the usual '>' and indent in
this reply, while this works for other messages in this NG, so please ask Bill
why)

"jcastro" <jcastro@tj.rj.gov.br> wrote in message
news:1096407143.246725.272930@h37g2000oda.googlegroups.com...
Hi, alex.

Your idea of simple manual encryption is interesting, but you will need
extra care with your notebook: anyone who puts his hands on it and types
everything into a computer will be able to break the encryption.

alex: I suppose by a brute-force attack on the target system? Because the key
won't be found, and the written-down numbers have no information.

This said, to the algorithm proper:

> To have a quick conversion using simple mathematical operations, passwords are
> all-digits; should a site impose the use of alpha chars, they are added
> unencrypted; the essence is the remaining string of digits.

This is bad; gives too much information to an attacker. Better encode
digits/alpha into a consistent numeric alphabet:
0..9 as themselves, A..Z as 10..35. Thus, you would do arithmetic
modulo 36.

alex: ah, but I cannot handle modulo 36 arithmetic in my head, so I limit my
alphabet to 10 digits (that's already hard enough :-)).

Addition modulo (alphabet size) of plaintext and key is simple enough,
but gives margin to attack - if one knows that one password encrypted
is just digits in plaintext, he can narrow the possible keys to give
only digits when decrypting. So, the more reason to keep your notebook
secure.

alex: But private key and passwords are maybe 10-15 digits long, so shouldn't
be broken in years; time enough to replace the passwords should the piece of
paper get compromised?
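
Added example, not part of the original post: the alphabet suggested in the quoted message (0..9 as themselves, A..Z as 10..35) with symbol-wise addition modulo 36, and a count of how far the candidate key symbols narrow once notebook entries are known to decrypt to digits only. A key as long as the password and reused for every entry, plus all names and sample values, are assumptions.

```python
import string

ALPHABET = string.digits + string.ascii_uppercase  # 0..9 -> 0..9, A..Z -> 10..35
N = len(ALPHABET)  # 36


def encrypt(plaintext: str, key: str) -> str:
    """Add key to plaintext symbol by symbol, modulo 36."""
    return "".join(
        ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % N]
        for p, k in zip(plaintext, key)
    )


def decrypt(ciphertext: str, key: str) -> str:
    """Subtract key from ciphertext symbol by symbol, modulo 36."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % N]
        for c, k in zip(ciphertext, key)
    )


def keys_giving_digits(ciphertexts: list[str]) -> list[set[str]]:
    """Per position, the key symbols that decrypt every ciphertext to a digit."""
    length = min(len(c) for c in ciphertexts)
    candidates = []
    for i in range(length):
        possible = set(ALPHABET)
        for c in ciphertexts:
            ci = ALPHABET.index(c[i])
            # Keep only key symbols k for which (c - k) mod 36 is in 0..9.
            possible &= {ALPHABET[(ci - d) % N] for d in range(10)}
        candidates.append(possible)
    return candidates


# Constructed sample data: one key reused for three all-digit passwords.
KEY = "K3Q9ZB"
PASSWORDS = ["019283", "950417", "407962"]
NOTEBOOK = [encrypt(p, KEY) for p in PASSWORDS]

if __name__ == "__main__":
    for n in range(1, len(NOTEBOOK) + 1):
        sizes = [len(s) for s in keys_giving_digits(NOTEBOOK[:n])]
        print(n, "entries -> candidate key symbols per position:", sizes)
```

With a single entry each key position drops from 36 candidates to 10; each further entry under the same key can only shrink the sets, which is why key reuse across the notebook matters as much as key length.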


