Re: Paper & pencil password algorithm



On Feb 4, 3:19 am, use...@xxxxxxxxxxxxxxxxxxxxxxxxxxx (James Taylor)
wrote:
WTShaw <lure...@xxxxxxxxx> wrote:
James Taylor wrote:

I'm asking for a keyed hash because I want to generate long passwords
and my idea for how to do that was to use a pseudo-random sequence that
is initialised by the hash of the website name in question.

Back to the off-the-shelf idea, you can use a pseudorandom character
generator (pRCG) and generate a password as a permutation of a whole
set, makes it harder to solve.

I'm not sure I can see exactly how that works. I think I will definitely
need to see an example.

I've had it all along just not too hep looking.

At this stage I'd be grateful for any and all ideas. So don't worry how
it looks.

Just how long do you want that password to be?

The advantage of a random sequence generator is that I can make my
passwords as long as I wish. I can't imagine ever wanting passwords
longer than 100 characters even for super top secret stuff, and for
convenience I'll probably keep most of them between 20 and 50 characters
depending on the value of the account in question. However, I'm not
quite sure why you need to know the length of the desired password
before designing the algorithm.

I will explain with an example if you select a dummy named whatever

Ok, so let's say I have a site named www.easy-123.com, and I would
append a version number to the name that is incremented each time I wish
to change the password, so I'd want to input the strings
"www.easy-123.com1", "www.easy-123.com2", etc, into the initial hash.

I would also want entirely different but similarly named sites called www.easy123.com or www.easy-321.com to produce completely different
passwords.

An example of the process would be brief.

Please show me. I am very excited to see it work.

To be really customized, you edit the set
to your own base permutation, obviously simple,
but I'll do the example with a rather generic set.
Only certain sizes are ready,

I'm not sure what you mean by that, but perhaps the example will make it
all clear.

Aside from the set of a certain length, your seed input can be a file
description, title, etc., there are lots of variables.

Yes, sounds really good. I can't wait.

--
James Taylor

Selling you on the permutation idea means that clues to any real
meaning that might be derived from character frequencies are gone,
gone. A check that a valid sequence might be used is that all
characters in the password should be different and that might be hard
to do for large sets, especially by hand. The thing then you look at
would be associated patterns from similar keys. But back to the
strength of such keys.

Starting at a low length process that would utilize just lower case
letters as an example, a permutation is worth about 60 bits, and
that's not $7.50 either (sorry, a Spanish pun). For 48 characters,
it's about 200 bits, 64 for 300 is, 400 for 81, and something like 500
bits for 97 characters. I say bits but it has really nothing to do
with bits except by conversion from other bases to give equivalent
values of random effort that might be used to make such keys or
passwords.

So the example is a-z in a custom order. The base might be anything
but usual order sufficient here. And since we in this example are
using only letters, make it so in these passwords. In my list sets, I
select Alpha 26, abcdefghijklmnopqrstuvwxyz. Let's say that you
wanted to mix the set according to www.easy-123.com. Since this
example has only letters, it's "www dot easy dash one two three dot
com" this time. There is an adder number with a default of 3 but can
be 0 to 1 less than the size of the set, or it can be a set as that
version number if you wish. OK, enter the number and scramble once.
Result is vcukahtegysndblzfrxiqmwjop. Scramble twice, and you have
mnbeflrwoixtdhjpcsuyvgqkza. Let's change "easy" to "hard".
Pass1=vcukdxjgyeasnbltzhqfimwrop and
Pass2=mkxzedashoqbclrfuwjvygntpi.

On the other end, change "three" to "four" in the "hard" key, and try
10 Passes. For "three" we get: ywoeqmsrdalfhjpibtuznkxcvg and for
"four" we get: koqgvrlhcbtfymiaxzpesndwuj.

So, passes could be set via a new field, lots of this particular
program can be trimmed away, other characters might be included as
number, periods, etc., but probably input might be case neutral even
as I suspect you never make a case mistake yourself. The rest of the
problem is to decide what characters you actually do want/need and if any
more need be added to meet some critical number of characters
necessary for a set size for good strength which my super secret
research might suggest is desirable. OK, your punt. Custom to get it
right, it's all OK just to make a point or few.
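
As an added example (not WTShaw's program, whose scramble step is not shown in the thread), here is one way to derive a per-site permutation password in software: an HMAC-SHA256 byte stream keyed by a master secret drives a Fisher-Yates shuffle of the character set, and `permutation_bits` computes log2(n!) for a set of n characters. The master secret, the function names and the NUL separator between site name and version are assumptions of this example.

```python
import hashlib
import hmac
import math
import string

def _stream(key: bytes, label: bytes):
    """Endless byte stream: HMAC-SHA256(key, label || counter)."""
    counter = 0
    while True:
        msg = label + counter.to_bytes(4, "big")
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1

def _uniform(stream, n: int) -> int:
    """Unbiased integer in [0, n) via rejection sampling (n <= 256)."""
    limit = 256 - (256 % n)
    while True:
        b = next(stream)
        if b < limit:
            return b % n

def keyed_permutation(secret: str, site: str, version: int,
                      alphabet: str = string.ascii_lowercase) -> str:
    """Fisher-Yates shuffle of `alphabet` driven by the keyed stream."""
    if len(set(alphabet)) != len(alphabet) or not 1 < len(alphabet) <= 256:
        raise ValueError("alphabet must hold 2..256 distinct characters")
    # Assumption: a NUL separator keeps site "x.com1" version 1 distinct
    # from site "x.com" version 11, which plain appending would merge.
    label = f"{site}\x00{version}".encode()
    stream = _stream(secret.encode(), label)
    chars = list(alphabet)
    for i in range(len(chars) - 1, 0, -1):
        j = _uniform(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

def permutation_bits(n: int) -> float:
    """Equivalent bits of a uniformly chosen permutation: log2(n!)."""
    return math.lgamma(n + 1) / math.log(2)

if __name__ == "__main__":
    # Constructed sample secret and the site names used in the thread.
    for site in ("www.easy-123.com", "www.easy123.com", "www.easy-321.com"):
        print(site, keyed_permutation("constructed secret", site, 1))
    for n in (26, 48, 64, 81, 97):
        print(n, round(permutation_bits(n), 1))
```

Every output character is distinct by construction, which is the validity check described in the post, and the whole password changes when the site name or version changes.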
