How to hide passwords



There are men who must remember many passwords, and as age
advances, it becomes increasingly difficult and risky to try
to remember from five to maybe several dozen passwords. Now,
people can more easily remember geometrical patterns. Suppose
a pattern of characters is placed on a website somewhere or
printed out and tacked up on the wall, or stored on a PDA or
an iPod, so it can be read anytime (by the attacker, too,
doubtless)... and this pattern consists of an arrangement of
characters like, say

| ewia cdxd swza jvhf |
| yn8j q$wp oilk oipo |
| hxls junq 1wer jh4$ |
| 8tjd oick |
| gm3k ovg0 thvd hkdi |
| jhgf d@sa zuka sve7 #zo3 er@w |
| g*zx eiph swed rfcx cvb5 n1o2 |
| 6^df gtrf gev6 bvmq |
| poxe icos |
| wwia b!nv gygh ewia |
| nn8j j^4n 7wdu yn8j |
| xxls uiw8 kopl hxls |
| |
| @oqw ewia 7izb &gth pvej |
| yn8j y4$u io%p d9fg hxls |
| keif jvhf |
| @oqw pmkl oipo qwer |
| ty4j f89c jh4$ i9o3 |

Suppose the person needing to choose a password takes for
instance the six corner characters going clockwise and then
the next four inward, yielding "efs3tynpeo". He could also
have other passwords hidden in this same pattern, such as at
the bottom right, "i9o3rewq", and there could be any number
of others in use at the same time. When it's required to
choose a new password, he simply picks out a new pattern
hopping around the array somehow.

How secure would this be?

Assume the attacker can read this array, and knows the
general method being used, too. He does not know what
geometrical patterns have been picked.

It seems to me that if he takes a brute force approach then
he's basically searching the whole alphanumeric space.

Perhaps there's a weakness in that the human mind would tend
toward certain symmetries or something? Still, the search
space would have to be huge, right?

Wood
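
An added example, not part of the original post: one way to estimate the search space when the attacker can read the array, by counting candidate passwords under two assumed pattern models and comparing them with a uniformly random password of the same length. The models ("adjacent walk", "free hop"), the function names, the 94-symbol alphabet and the 3x16 layout built from the post's first three rows are all assumptions made for illustration.

```python
import math

# Constructed sample: the first three rows of the post's array with the spaces
# removed. The original two-dimensional layout is an assumption.
GRID = ["ewiacdxdswzajvhf",
        "yn8jq$wpoilkoipo",
        "hxlsjunq1werjh4$"]

def neighbours(r, c, rows, cols):
    """Yield the up-to-8 cells touching (r, c)."""
    for dr in (-1, 0, 1):
        for dc in (-1, 0, 1):
            if (dr or dc) and 0 <= r + dr < rows and 0 <= c + dc < cols:
                yield r + dr, c + dc

def count_walks(grid, length):
    """Cell sequences of `length` where every step moves to a touching cell.

    Revisits are allowed, and two walks may spell the same string, so this is
    an upper bound on the distinct passwords under the assumed model.
    """
    if length < 1:
        return 0
    rows, cols = len(grid), len(grid[0])
    ways = [[1] * cols for _ in range(rows)]  # walks of length 1 ending at each cell
    for _ in range(length - 1):
        ways = [[sum(ways[nr][nc] for nr, nc in neighbours(r, c, rows, cols))
                 for c in range(cols)] for r in range(rows)]
    return sum(map(sum, ways))

def count_free_hops(grid, length):
    """Upper bound on distinct strings when any cell may follow any other."""
    symbols = len(set("".join(grid)))  # only symbols present in the array can occur
    return symbols ** length

def search_bits(grid, length, alphabet=94):
    """log2 of each candidate count; alphabet=94 is printable ASCII without space."""
    return {
        "adjacent_walk": math.log2(count_walks(grid, length)),
        "free_hop": math.log2(count_free_hops(grid, length)),
        "random_password": length * math.log2(alphabet),
    }

if __name__ == "__main__":
    for name, bits in search_bits(GRID, 10).items():
        print(f"{name:16s} {bits:5.1f} bits")
```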
