# Paper & pencil password algorithm

I have far too many passwords to remember, especially as I try to use a
different password for each account, and some of my accounts are so
rarely used there's no chance of me remembering the passwords between
uses. This seems to me to be a common problem, but many people just use
the same password everywhere, leaving themselves vulnerable to having
multiple accounts compromised at once. So I've decided I really need to
come up with a personal algorithm for generating passwords (and
recalling them) based only on the account and/or website names, that way
I do not need to memorise, write down, or store my passwords
electronically, and I'll be able to recall them even years later.

I am not an expert in this field and the more research I do the more I
realise I badly need help from people who know this stuff. I guess most
readers of this newsgroup will have your own personal algorithms, but I
wonder if they are shareable or if they rely on the secrecy of the
algorithm itself.

I have an idea that I could use a pseudo-random number generator to pick
characters from a private key (eg. the initial letters of a poem, which
I would scribble on the back of an envelope from memory and destroy
afterwards). This would allow me to generate very random looking
passwords of any length, and the longer the better if I am to beat the
reach of automated password crackers, rainbow tables, etc.

In order to make this sequence generator simple enough to work out in my
head, or at least simple enough to do with pencil and paper, I was
thinking I could use a Linear Congruential generator modulo some power
of 10. My private key would essentially be just a substitution cipher
applied to the output of that generator, but it wouldn't need to be
reversible so some substitutions could map to the same output character,
and I would hope that this might mitigate some of the weaknesses of the
Linear Congruential sequence.

Anyway, exactly how I generate the sequence may be moot if I can't solve
the following crucial problem:

have been unable to come up with a good method of initialising the
random sequence from the name of the website in question. By "good" I
mean something simple enough to work out on paper, but which does not
produce the same output for very similar input names. I need a hash
function that's easy to calculate and performs well for short input
strings such as website names.

I've ruled out the standard cryptographic hashes as being far too hard
to work out on paper. CRCs, although simple in principle, involve too
much bit-shifting to be easy to do on paper. The Fletcher checksum is
the closest I've found to something practical (at least it is sensitive
to character transpositions, and only involves addition) but I can't
help feeling there must be a simpler hash with higher quality output.
I've even tried a method of walking around in my private key grid
changing direction and distance walked based on the letters in the name
and the letters in the grid, but this technique does not produce an
evenly distributed result, and has many collisions, so using the result
of that directed walk as the initial value for the Linear Congruential
random sequence is not ideal. Maybe there's some simple variation on
this idea that would work much better if only I had the mathematical
insight to see it.

Maybe someone knows of a simple but effective keyed hash or MAC function
that could be computed on paper using a small private key grid or lookup
table in some iterative fashion. The unpredictability of a keyed hash,
even a very simple one, may be good enough for this purpose.

Ultimately, I want the passwords generated to be easy enough to make and
remake without a calculator, and yet very difficult to reverse-engineer
the user's private key, or predict other passwords, even if the general
algorithm is known and several passwords are captured (eg. by a
keystroke logger). Indeed, I'd like to share the algorithm with friends
and family (each with their own private key of course) so they too can
improve their online security.

I feel deeply frustrated that I do not have any better ideas of my own.
At first glance the task seems so simple, but I feel like I've failed. I
would be very grateful for any and all ideas, however far-fetched or
silly, as any one of them may be the inspiration I so desperately need.

Can anyone help?

.

## Relevant Pages

• Re: Account lockouts
... for reusable passwords and the AAA infrastructures that rely upon them? ... In that context, account lockout policy -- duration, threshold, lockout ... > cracking attacks. ...
(microsoft.public.security)
• Re: Paper & pencil password algorithm
... rarely used there's no chance of me remembering the passwords between ... recalling them) based only on the account and/or website names, ... I have an idea that I could use a pseudo-random number generator to pick ... My private key would essentially be just a substitution cipher ...
(sci.crypt)