Question Based Encryption

From: Scott (googlegroups_at_scottsavarese.com)
Date: 10/05/04 

Date: 4 Oct 2004 18:04:38 -0700

I encrypted a bunch of files on my computer a while back, and when I
tried to decrypt them recently I realized that I had forgotten my
password. I eventually got the password, but it got me thinking about
coming up with a mechanism that I can use to protect my passwords,
without using another password that I would forget. The only thing I
can think of is a question based mechanism where the system would ask
me several questions that only I would know (such as "Where was my
first kiss?") and then using the responses to generate the key, and
unencrypt my password file. I would then store the file and the perl
script on a usb key to keep them safe.

I am wondering how to turn the responses into an encryption key. If I
say that each 8bit character, is a character in the key, then it would
weaken security a bit... Since most characters are letters or numbers
(62 possibilities out of 256 possibilities in an 8 bit character) it
means some/most of the bits in the key will be predictable. Therefore
I was wondering how to remove the predictable bits from an 8 bit
character. If there are 52 possible letters, that means I can get 6
bits out of each letter that is given (and 3 bits out of the 10
numbers).

Does anybody know about a solution to my problem, or maybe a better
way to get what I want? If there isn't something out there already,
can somebody help me find a way to properly create a key?

The email address listed on the list does not work due to an insane
amount of spam. However, I will be keeping track of replies in the
newsgroup.

Thanks,
Scott

Relevant Pages

  • Re: Help secure my data (They will steal my drive)
    ... but it supports strong password-based encryption and can be ... printable ascii characters about 6.5 bit per character. ... In case your passphrase is not trivial it's much more likely an attacker ... will try to recover plaintext from swap files/virtual memory and from ...
    (sci.crypt)
  • [NT] NewsReactor Encryption Scheme Cracked
    ... encryption. ... Each character is simply 64 characters up the ASCII table from ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
    (Securiteam)
  • Re: Defeating keyloggers with encrypted one time passwords (a patent spoiler?)
    ... > TIME PASSWORDS and more precisely an A4 sized paper full of them and ... > but just so little that the user can easily remove the encryption. ... > - remove two first character of each password ... The paper method also works well without the decryption instructions. ...
    (sci.crypt)
  • Re: Converting Commodore text files to The Numerica Format?
    ... >> byte for every character. ... The fun starts if you use a more complex ... > ago I ported a QBasic encryption program to C128 BASIC 7.0 If Paul is ... > Encryption is really pretty secure using the program I converted. ...
    (comp.sys.cbm)
  • Re: simple string encryption
    ... which seems to be a fast and small xor encryption algorithm. ... string into a textbox and then read the string from the textbox ... The reason is because strings in VB use two bytes per character and your code, as it stands, is messing about with both bytes of each character. ...
    (microsoft.public.vb.general.discussion)