Re: exploring the use of manual encryption of passwords (newbie)
From: David Eather (eather_at_tpg.com.au)
Date: 09/29/04
- Next message: Kim Hyldgaard: "IKE behind NAT problem"
- Previous message: Dr. David Kirkby: "Re: How can I act as a Certificate Authority (CA) with openssl ??"
- In reply to: Paul Rubin: "Re: exploring the use of manual encryption of passwords (newbie)"
- Next in thread: Guy Macon: "Re: exploring the use of manual encryption of passwords (newbie)"
- Reply: Guy Macon: "Re: exploring the use of manual encryption of passwords (newbie)"
Date: Wed, 29 Sep 2004 22:07:05 +1000
Paul Rubin wrote:
> "Alex D" <anon@anon.anon> writes:
>> So it is nice to have some manual encryption scheme to protect
>> password lists, without the need of software to decrypt them.
>
> One thing you could do is pick some secret common suffix to all your
> passwords. Say your suffix is "khhx9". Then you could write your
> list as:
>
> hotmail fred295, penguin
> AOL freddy231, jellybean
> work fjones, banana
>
> etc. You'd memorize the suffix and not write it down, or else write
> it somewhere unobtrusive. Your actual passwords would be
> penguinkhhx9, jellybeankhhx9, bananakhhx9, etc.
>
> Just how much trouble do you think someone finding your piece of paper
> is going to go to, in order to cryptanalyze your passwords anyway?
> Where do you intend to use these passwords? If you're going to type
> them into (e.g.) public kiosk computers, maybe you want to be more
> concerned about keystroke loggers than someone pulling a piece of
> paper from your pocket, figuring out its significance, and using it
> against you.
>
> Another thing you could do is use an electronic gadget, either a PDA
> or maybe a cell phone. Most cell phones these days have a phone book
> feature and maybe some of them can be protected by an access code. So
> you'd just store your passwords in the phone book.

Also, as a thought, you could use a cheap electronic diary / telephone
directory (32 k memory etc.) with the ability to use a password to lock
everyone else out, and brute forcing is hard (a little harder) because the
device is slow. I did this once to travel in a country that didn't like
encryption. Not to worry, I couldn't remember the password for the
organiser when I got off the plane.

A friend just lost a bank card (with the PIN written on the back) - I showed
him some ways to hide his PIN - write 10 PIN numbers on the back of the
card. One bank I know issues PINs with at least one pair doubled - you have
to match the format - none of them your PIN but perhaps related - like the
last digit of each is 2 away or some such. Finders love such things
because their odds of nabbing your cash are 30%. They try your numbers and
by misdeed do you the favour of returning your card after the third failed
attempt.

As my last try for a possible solution for you, try the NKVD system for
encryption. J Savard has a good description on his web site.

Letters are turned into digits in a repeatable, not too straining method - a
little care is required.

You memorise a few digits to be a key and stretch it out as long as you
need. Add the key stream to the NKVD letters without any carry - you
reverse the process by regenerating the key stream and subtracting from the
NKVD letters. Not too tedious but not perfect security either.
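
The add-without-carry scheme described in the message above, as an added example that is not part of the original post or taken from Savard's site. Assumptions: the letter-to-digit table is a constructed straddling checkerboard (not the historical NKVD table), the key is stretched by chain addition, and the seed "3719" is a made-up value.

```python
# Added illustration. Checkerboard layout and key-stretching rule are assumptions.
TOP = "ETAONRIS"        # one-digit codes 0-7 (constructed layout)
ROW8 = "BCDFGHJKLM"     # two-digit codes 80-89
ROW9 = "PQUVWXYZ./"     # two-digit codes 90-99

ENCODE = {c: str(i) for i, c in enumerate(TOP)}
ENCODE.update({c: "8" + str(i) for i, c in enumerate(ROW8)})
ENCODE.update({c: "9" + str(i) for i, c in enumerate(ROW9)})
DECODE = {v: k for k, v in ENCODE.items()}


def letters_to_digits(text):
    """Turn letters into a flat digit list using the checkerboard."""
    return [int(d) for ch in text.upper() for d in ENCODE[ch]]


def digits_to_letters(digits):
    """Inverse mapping; a leading 8 or 9 announces a two-digit code."""
    out, i = [], 0
    while i < len(digits):
        width = 2 if digits[i] >= 8 else 1
        code = "".join(str(d) for d in digits[i:i + width])
        out.append(DECODE.get(code, "?"))  # "?" marks a dangling digit (wrong key)
        i += width
    return "".join(out)


def stretch_key(seed, length):
    """Chain addition: keep appending (k[i] + k[i+1]) mod 10."""
    ks = [int(d) for d in seed]
    if len(ks) < 2:
        raise ValueError("seed needs at least two digits")
    i = 0
    while len(ks) < length:
        ks.append((ks[i] + ks[i + 1]) % 10)
        i += 1
    return ks[:length]


def encrypt(password, seed):
    plain = letters_to_digits(password)
    key = stretch_key(seed, len(plain))
    return "".join(str((p + k) % 10) for p, k in zip(plain, key))  # no carry


def decrypt(cipher, seed):
    digits = [int(d) for d in cipher]
    key = stretch_key(seed, len(digits))
    return digits_to_letters([(c - k) % 10 for c, k in zip(digits, key)])
```

The whole key stream is determined by the memorised seed, so a four-digit seed allows only 10,000 possible key streams.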