| A Password Safe; An Improved way to store passwords | |
|---|---|
| Topic Started: Apr 19 2014, 07:49 PM (266 Views) | |
| fiziwig | Apr 19 2014, 07:49 PM Post #1 |
|
Elite member
|
After playing around with several ideas I think I've come up with a pretty good way to keep your online password both safe and handy.

Construct a Jefferson Cipher cylinder with 12 wheels each having 36 characters around the perimeter. (Similar to this one: http://vimeo.com/43819008 ) All 26 letters and the digits 0 through 9 are included, and are in a different random order on each wheel. Each wheel has a random mixture of upper case and lower case letters. For example, every wheel will have "M", but half of the wheels will have upper case "M" and half will have lower case "m", and the same for every other letter of the alphabet.

For each account that needs a password you have a plaintext key phrase. For example, you might use:

"BANK ACCOUNT" for your bank account

"NETFLIX KEYS" for your Netflix account

"AMAZON BASIN" for your Amazon account

And so on.

For each account you also have a single key number or letter that you can safely write down somewhere. For example, you might use "9" for your bank account, "R" for Netflix and "W" for Amazon.

Then to log in to your bank account you would dial the cipher wheels to spell out "bankaccount" (Note that there would be a mixture of upper case and lower case which you just ignore when dialing in your key phrase.) Now there will be 35 different enciphered versions of the plaintext key phrase, so which one do you use? Your key number for your bank account is "9" so you rotate the whole assembly until you find the row that starts with "9" and that's the one you use. When you type in the password you will use the correct upper or lower case letters as they appear on the cipher wheel so that your password will have a mixture of both cases, in addition to numbers.

To change your password you can simply change your single key character from "9" to something else like "Q", and then you will be using a different row and have a completely different password from the same key phrase "BANKACCOUNT".

From time to time you might also change your passwords by mixing up the order of the wheels. When you change your passwords that way be sure to write ALL the old passwords down before you take the wheels apart and mix them up because you will need your old passwords to change to the new password. Once all your passwords are changed you can safely throw away the paper with the old passwords on it. Be careful never to mix up the order of the wheels because then you will lose all your passwords!

Physically, I think I'd want between 4 and 5 mm of height for each letter, and with 36 letters and numbers that works out to a circumference of 144 to 180 mm, or a diameter of around 46 to 57 mm (right around the 1 7/8 to 2 1/4 inch range, or somewhat smaller than a 10 oz. soup can). Dividing the wheel with a protractor is easy because 36 characters goes into 360 degrees with exactly 10 degrees per letter. Or the letters could be printed out in columns on a sheet of standard printer paper and the wheels made to fit the height of the strip with the printed letters. For example, see my Enigma machine: ( http://cryptopian.com/enigma1.html ) only with the letters running vertically down the strip instead of horizontally as pictured. Or if you have a jigsaw or band saw you could make wooden wheels using this method: http://youtu.be/1BdBE9Xp0I4

Using a whole upper case and lower case alphabet in addition to the 10 digits would result in too big of a wheel. To fit all 62 characters using 5 mm per character would take a wheel almost 4 inches in diameter. That's too big for convenient use (nearly the size of the large round Quaker Oatmeal box).

This has a big advantage over other encryption methods for passwords because once you turn the wheels to spell out a particular password, you will have the whole password right there in front of you to type into the keyboard. You don't have to remember or write down a password encrypted one letter at a time.

And once you've logged in you just rotate the wheels to some random setting and your passwords are all hidden again. |
|
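The wheel procedure from post #1, simulated as an added example (this is not fiziwig's code). Dropping spaces from the key phrase and leaving the twelfth wheel unused for an 11-letter phrase are assumptions, as are all function names. It also makes two properties of the scheme visible: the password's first character is always the written-down key character, and a key character equal to the phrase's first letter would select the plaintext row, so it is rejected.

```python
import random
import string

SYMBOLS = string.ascii_uppercase + string.digits   # 36 positions per wheel

def make_wheels(n=12, rng=None):
    """n wheels, each a random order of the 36 symbols; every letter is
    upper case on half of the wheels and lower case on the other half."""
    rng = rng or random.SystemRandom()              # OS randomness by default
    upper_on = {c: set(rng.sample(range(n), n // 2))
                for c in string.ascii_uppercase}
    wheels = []
    for w in range(n):
        order = list(SYMBOLS)
        rng.shuffle(order)
        wheels.append([c if c.isdigit() or w in upper_on[c] else c.lower()
                       for c in order])
    return wheels

def rows(wheels, phrase):
    """Dial the phrase (case ignored, spaces dropped: an assumption) and
    return the 35 other rows of the cylinder in order of rotation."""
    plain = [c for c in phrase.upper() if c in SYMBOLS]
    if not 0 < len(plain) <= len(wheels):
        raise ValueError("phrase must fit on the wheels")
    # Index of each plaintext symbol on its own wheel, compared case-folded.
    pos = [[s.upper() for s in wheels[i]].index(c) for i, c in enumerate(plain)]
    return ["".join(wheels[i][(p + k) % 36] for i, p in enumerate(pos))
            for k in range(1, 36)]

def password(wheels, phrase, key_char):
    """Pick the row whose first symbol is the written-down key character."""
    for row in rows(wheels, phrase):
        if row[0].upper() == key_char.upper():
            return row
    # Reached when key_char is the phrase's own first letter (that row is
    # the plaintext phrase itself) or is not one of the 36 symbols.
    raise ValueError("key character must be a symbol other than the "
                     "phrase's first letter")

if __name__ == "__main__":
    cylinder = make_wheels()                        # constructed sample cylinder
    print(password(cylinder, "BANK ACCOUNT", "9"))
    print(password(cylinder, "BANK ACCOUNT", "Q"))  # same phrase, new row
```

Since the first character of every password is the key character that was written down, only the remaining characters depend on the secret wheel order.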
| novice | Apr 20 2014, 07:23 AM Post #2 |
|
Super member
|
Er, not quite. I have just one password to remember. This opens the box where I can click on the url of the site I wish to visit and then use the appropriate password(s) with a fast copy and paste -- no need for any typing at the keyboard at all. When only a single password is needed for access, clicking on the url is enough to connect. One of these days I expect the software will be upgraded to use voice recognition and then it will be a total hands-free operation. At that stage perhaps poor Jefferson will turn over in his grave. Well done Fiziwig for keeping his flag flying |
|
| Grip2000 | Apr 20 2014, 09:30 AM Post #3 |
|
no member
|
@all really important is a forward secrecy scheme. The implementation together with your methods would be interesting. http://en.wikipedia.org/wiki/Forward_secrecy BR GRip |
|
| fiziwig | Apr 20 2014, 04:19 PM Post #4 |
|
Elite member
|
So a hacker has only one password to crack to get into all your accounts? I might be paranoid, but I feel more secure knowing my passwords are not inside my computer where 1) they might be hacked, 2) they might be lost to a computer crash. Besides, I only have seven or eight sites that need passwords anyway. ...And I just like the idea of having a cool-looking Jefferson cipher wheel on my desk. And besides that, the Internet is just a passing fad anyway!
|
|
| mok-kong shen | Apr 20 2014, 09:35 PM Post #5 |
|
NSA worthy
|
That device would be rather inconvenient to carry in the pocket IMHO. (One needs also passwords when one is not at home.) But your earlier idea of 8*8 Playfair could be quite practical. One can namely easily carry a package of cards which are designated by numbers/names (the cards can be printed on both sides) and take the (secretly determined) few that are to be actually used to process the pairs of plaintext characters sequentially (with wrapping to the front). (The use is of course not limited to password generation but general.)

Edited by mok-kong shen, Apr 20 2014, 09:39 PM.
|
|
| fiziwig | Apr 20 2014, 10:17 PM Post #6 |
|
Elite member
|
How about using a card filled with letters and numbers, upper case and lower case, and use a secret method to hop from cell to cell on the card. Your card could have something like 15 rows x 15 columns with 225 cells. You could move like a chess knight using each letter you land on. Or start with the four corners and then hop from each diagonal to the next going clockwise or counter clockwise. Or take the third cell from row one, the fifth cell from row 2, the 7th cell from row 3, and so on. There are so many different ways you could hop around the grid to get the next character of a password that nobody could ever guess them all. For example, start on row 3 column 5 and go one cell right then one step down, alternating right and down until you hit 12 characters. Or go down the columns picking every fourth character you land on. Or ... ??? |
|
| novice | Apr 21 2014, 07:46 AM Post #7 |
|
Super member
|
Better there than mistakenly put on the fire on a cold winter's night. If I was going to use a card system, which certainly would be more portable than a lump of wood, I would consider a code card and a mask card. These were popular for a while when credit cards began to proliferate. But I don't see the need for such cumbersome systems. The analogy is walking instead of flying for fear of a plane crash. Of course some people like to walk everywhere... |
|
| novice | Apr 21 2014, 12:15 PM Post #8 |
|
Super member
|
Yes that is so. But I feel quite secure about that. As a boy I invented a language of my own to keep secret my youthful thoughts. It used some characters that are not in the Roman alphabet (phi for example). This language has proved quite useful in later years to form passwords that cannot be broken through dictionary attacks. For characters like phi I substitute others that are in the computer keyboard. A password of 20 characters using words in 'my' language is easily memorable and is beyond the Brute Forcing ability of the most able hacker. I suppose I may be invaded with some kind of bug that reports my keypresses but then I am in the same boat as everyone else -- with the possible exception that I write such a lot of nonsense that I doubt anyone could see the wood for the trees.
|
|