Re: Paper & pencil password algorithm



On Feb 5, 8:52 am, use...@xxxxxxxxxxxxxxxxxxxxxxxxxxx (James Taylor)
wrote:
Paul Rubin <http://phr...@xxxxxxxxxxxxxx> wrote:
James Taylor writes:
I quite like that idea, but firstly I don't currently have a suitable
smartphone and, more importantly, I want a paper & pencil algorithm
which I can share around my friends and family,

They will think you are crazy and ignore your suggestions.

Hehehe! That may be the case, but I have to try to find an algorithm
that's easy enough for them to use. I may use a slightly more rigorous
version of the algorithm for myself and tailor it simpler for my less
mathematically minded friends. It all depends on their level of need. My
need for algorithmic passwords is rather great and increasingly urgent,
but theirs may be far less. It's all a question of judgement and
balance. In any case, I need a hash that actually works well enough to
distinguish similar website names, or the same name with different
version numbers appended, otherwise I have no basis for tailoring the
rest of the algorithm. A good hash is a fundamental pre-requisite.

--
James Taylor

I think that I showed that I could make similar names give much
different results. I scanned the rest of the thread and picked out a
few points, surely not all... been busy on a must-do other project today.

Considering the need for an uppercase letter, at least one, is best
satisfied by making zeros automatically be represented by a solitary
UC letter "O" in the permutation and the letter "o" would still be
filtered lower case before zeros became "O"s.

I would look at bigger character sets and here are the results. A set
of 49 is usable as abcdefghijklmnopqrstuvwxyzO123456789.,?/:~@#()_-'
which includes most characters for URLs, regular phone numbers, and
email addresses which would determine each password.

Bigger yet is 52 characters
abcdefghijklmnopqrstuvwxyzO123456789.,?/;:~@#()_-'$* while sets with
65 or 66 elements could also work. I rate on absolute base strength A
for 55, B for 65 and 52, and C for 49 which is still good. Most bases
don't even get an honorable mention as high as an F but are rated G
for Gone and candy for future hackers.

There are other uses for these bases, 66 is good for a stream cipher,
65 is nice to handle base 64 related algorithms, and 49 can be
converted quite easily to bases 26, 78, or 94, all of which are
"reinteratively" strong. (My spell checker didn't like that word.)
I've written functional block ciphers of all of the above and one way
for storing passwords would be through their conventional use and the
character inputs could be made to match the password sets. Anyway
this sounds like a good series of projects for me eventually if not
sooner.

Some time ago, not too long, I mentioned again some stream ciphers
which seemed and sounded simple enough to break. At the time, time was
not what I had lots of and I failed to meet that challenge because of
that. Large deranged sets tend to muck up such solutions.
Complications are involved here that are not anticipated by a
neophyte.

In a simple stream cipher adding sequential character values from the
deranged set, an additional integer constant adder can be included in
each sum. There is lots of room for variation here in method,
stepping, etc. I use a similar method to generate a series and
harvest new different characters to rebuild a total character set. At
some given level, this process is halted and any leftover unfound
characters are added to the new set. Again, there are variations
available here and that process has one-way attributes.

The input set and the key do need to be the same in this particular
programming creature. The problem with using a native system and/or
JavaScript PRNG is that it can be changed in updates to do whatever
strange things the companies desire including things that you might
not. The standard is to do things in the best secure means which does
include storing your passwords or any regeneration programs if on a
computer on another one. There is good reason to run old machines as
backups and for security and database functions. In examples, we
need not care about that just as long as we utilize good backups of
critical software.
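
Added example, not part of the original post and not the poster's code: one reading of the set-rebuilding procedure described above, using the 49-character set quoted in the post. The adder value 7, the step budget of 60, cycling through the key, and the names `normalise` and `rebuild_set` are assumptions made for this sketch.

```python
# Added illustration; not the poster's code. The adder value, the step budget
# and the function names are assumptions made for this sketch.

# The 49-character set quoted in the post ("O" stands in for zero).
CHARSET = "abcdefghijklmnopqrstuvwxyzO123456789.,?/:~@#()_-'"


def normalise(text, base=CHARSET):
    """Lower-case first, then turn zeros into "O", then drop foreign characters."""
    text = text.lower().replace("0", "O")
    return "".join(ch for ch in text if ch in base)


def rebuild_set(key, base=CHARSET, adder=7, steps=60):
    """Harvest a reordered copy of `base` from a running sum over `key`.

    Each step adds the next key character's position in `base` plus the
    constant `adder` to a running total (mod len(base)). The character at
    that position is harvested the first time it is seen. After `steps`
    steps the process halts and the unfound characters are appended in
    their original order, so the result is always a permutation of `base`.
    """
    key = normalise(key, base)
    if not key:
        raise ValueError("key has no characters from the set")
    index = {ch: i for i, ch in enumerate(base)}
    total, harvested, seen = 0, [], set()
    for step in range(steps):
        ch = key[step % len(key)]  # cycle through the key
        total = (total + index[ch] + adder) % len(base)
        found = base[total]
        if found not in seen:
            seen.add(found)
            harvested.append(found)
    leftovers = [ch for ch in base if ch not in seen]
    return "".join(harvested + leftovers)


if __name__ == "__main__":
    for name in ("example.com", "example.com2"):  # constructed sample inputs
        print(name, "->", rebuild_set(name))
```

With these assumed parameters the two constructed names share their first ten harvested characters and diverge at the eleventh, the first step at which the keys differ.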