Re: Paper & pencil password algorithm



Paul Rubin <http://phr.cx@xxxxxxxxxxxxxx> wrote:

> James Taylor writes:
> > As for carrying it around on a USB fob, well, I've lost count
> > of the number of times my fob has been infected with malware
>
> I've skipped a lot of this thread but I thought at the beginning that
> you wanted to be able to recompute all your passwords rather than
> storing them somewhere.

Yes, correct. That is exactly what I'm looking for. However, there are
some people still trying to convince me that password managers are a
better way to go. The above quote was part of an explanation of why I
think carrying around anything sensitive on a USB fob, such as a
password manager, is a silly thing to do.

> Once you're ok with the concept of storing them on some device

I'm not.

> if the malware problem can be solved,

I doubt it ever will be.

> why not just write them on a piece of paper, perhaps
> using some very light encryption (security by obscurity)?

That's not a bad idea, and would be a perfectly reasonable thing to do
for some people in some situations. However, I specifically do not want
to be reliant on keeping a specific bit of paper up to date, kept in a
safe place, and always carried around with me (a somewhat tricky
combination). Instead, I want to not have any permanent bit of paper,
just a method that I can memorise. This thread is about finding a paper
& pencil algorithm I can use to make passwords from website names, etc.

I'd be very grateful for any help you can offer because I'm not a crypto
expert and what I most desire is a good keyed hash algorithm which takes
the website name and produces an initial state for a pseudo-random
number generator I can then use to make passwords of any length I wish.

--
James Taylor
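
The structure asked for in the last paragraph of the post (a keyed hash of the website name gives the initial state of a generator, which then emits a password of any length), sketched in software as an added example that is not part of the original post. HMAC-SHA-256 stands in here for the hand-computable keyed hash the poster is looking for; the alphabet, the counter layout and all names are assumptions.

```python
import hashlib
import hmac

# Assumed output alphabet (62 symbols); not from the original post.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"


def site_seed(master_secret: str, site: str) -> bytes:
    """Keyed hash of the normalised site name: the generator's initial state."""
    name = site.strip().lower().encode("utf-8")
    return hmac.new(master_secret.encode("utf-8"), name, hashlib.sha256).digest()


def keystream(seed: bytes):
    """Counter-mode generator: block i is HMAC(seed, i), yielded byte by byte."""
    counter = 0
    while True:
        block = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        yield from block
        counter += 1


def derive_password(master_secret: str, site: str, length: int = 16) -> str:
    """Recompute the password for `site`; nothing is stored anywhere."""
    if length < 1:
        raise ValueError("length must be positive")
    # Rejection sampling: bytes >= limit are discarded so every symbol is
    # equally likely (a plain `byte % 62` would favour the first 8 symbols).
    limit = 256 - (256 % len(ALPHABET))
    out = []
    for byte in keystream(site_seed(master_secret, site)):
        if byte < limit:
            out.append(ALPHABET[byte % len(ALPHABET)])
            if len(out) == length:
                break
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample inputs, for illustration only.
    for site in ("example.com", "example.org"):
        print(site, derive_password("correct horse battery staple", site, 20))
```

Because the generator is seeded only by the memorised secret and the site name, a longer password for the same site always begins with the shorter one, and the strength of every derived password rests entirely on the secret.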