Re: exploring the use of manual encryption of passwords (newbie)

Discussion in 'Computer Security' started by Alex D, Sep 29, 2004.

  1. Alex D

    Alex D Guest

    > I don't see why you need fancy encryption for that. Just write the
    > words backwards or something. Also, it's simple enough to avoid
    > pulling out the paper when someone is looking over your shoulder.
    >
    > > or even worse: forget or lose the piece of paper.

    >
    > Think of the paper as a $20 bill. You've probably carried $20 bills
    > in your pocket any number of times. How often have you forgotten and
    > lost one? Just exercise the same level of care with the piece of
    > paper, and you shouldn't forget or lose it.


    When I lose a 20$ bill, I lose 20$; when I lose my list of passwords, a lot of
    (albeit personal) data is at risk. The piece of paper is worth far more than
    the 200$ mentioned in the other post.

    The problem is that it is generally known and advised over and over again that
    you should *never* write down passwords on paper. That's OK if you have only
    one password to remember, but a problem if you have 20-50 sites, each with
    their password policy (making a single password impossible).

    So it is nice to have some manual encryption scheme to protect password lists,
    without the need of software to decrypt them.

    -alex-
    Alex D, Sep 29, 2004
    #1

  2. Alex D

    Paul Rubin Guest

    "Alex D" <> writes:
    > So it is nice to have some manual encryption scheme to protect
    > password lists, without the need of software to decrypt them.


    One thing you could do is pick some secret common suffix to all your
    passwords. Say your suffix is "khhx9". Then you could write your
    list as:

    hotmail fred295, penguin
    AOL freddy231, jellybean
    work fjones, banana

    etc. You'd memorize the suffix and not write it down, or else write
    it somewhere unobtrusive. Your actual passwords would be
    penguinkhhx9, jellybeankhhx9, bananakhhx9, etc.

    Just how much trouble do you think someone finding your piece of paper
    is going to go to, in order to cryptanalyze your passwords anyway?
    Where do you intend to use these passwords? If you're going to type
    them into (e.g.) public kiosk computers, maybe you want to be more
    concerned about keystroke loggers than someone pulling a piece of
    paper from your pocket, figuring out its significance, and using it
    against you.

    Another thing you could do is use an electronic gadget, either a PDA
    or maybe a cell phone. Most cell phones these days have a phone book
    feature and maybe some of them can be protected by an access code. So
    you'd just store your passwords in the phone book.
    Paul Rubin, Sep 29, 2004
    #2

  3. Alex D

    David Eather Guest

    Paul Rubin wrote:
    > "Alex D" <> writes:
    >> So it is nice to have some manual encryption scheme to protect
    >> password lists, without the need of software to decrypt them.

    >
    > One thing you could do is pick some secret common suffix to all your
    > passwords. Say your suffix is "khhx9". Then you could write your
    > list as:
    >
    > hotmail fred295, penguin
    > AOL freddy231, jellybean
    > work fjones, banana
    >
    > etc. You'd memorize the suffix and not write it down, or else write
    > it somewhere unobtrusive. Your actual passwords would be
    > penguinkhhx9, jellybeankhhx9, bananakhhx9, etc.
    >
    > Just how much trouble do you think someone finding your piece of paper
    > is going to go to, in order to cryptanalyze your passwords anyway?
    > Where do you intend to use these passwords? If you're going to type
    > them into (e.g.) public kiosk computers, maybe you want to be more
    > concerned about keystroke loggers than someone pulling a piece of
    > paper from your pocket, figuring out its significance, and using it
    > against you.
    >
    > Another thing you could do is use an electronic gadget, either a PDA
    > or maybe a cell phone. Most cell phones these days have a phone book
    > feature and maybe some of them can be protected by an access code. So
    > you'd just store your passwords in the phone book.


    Also, as a thought, you could use a cheap electronic diary / telephone
    directory (32 k memory etc.) with the ability to use a password to lock
    everyone else out, and brute forcing is hard (a little harder) because the
    device is slow. I did this once to travel in a country that didn't like
    encryption. Not to worry, I couldn't remember the password for the organiser
    when I got off the plane.

    A friend just lost a bank card (with the pin written on the back) - I showed
    him some ways to hide his pin - write 10 pin numbers on the back of the
    card. One bank I know issues pins with at least one pair doubled - you have
    to match the format - none of them your pin but perhaps related - like the
    last digit of each is 2 away or some such. Finders love such things
    because their odds of nabbing your cash are 30%. They try your numbers and by
    misdeed do you the favour of retuning your card after the third failed
    attempt.

    As my last try for a possible solution for you, try the NKVD system for
    encryption. J Savard has a good description on his web site.
    Letters are turned into digits in a repeatable, not too straining method - a
    little care is required.
    You memorise a few digits to be a key and stretch it out as long as you
    need. Add the key stream to the NKVD letters without any carry - you
    reverse the process by regenerating the key stream and subtracting from the
    NKVD letters. Not too tedious but not perfect security either.
    David Eather, Sep 29, 2004
    #3
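
Added example, not part of any post in the thread: the three steps described in post #3 (letters to digits, stretching a short memorised key, adding and subtracting without carry), sketched in Python. The checkerboard layout, the chain-addition rule for stretching the key, and the sample key 3141 are assumptions chosen for illustration; the post does not specify them.

```python
# Added illustration. The checkerboard layout and the chain-addition
# key-stretching rule are assumptions; the post does not specify either.
TOP = "ET AON RIS"   # columns 0-9; the blanks at 2 and 6 are row prefixes
ROWS = {"2": "BCDFGHJKLM", "6": "PQ/UVWXYZ."}

ENC = {ch: str(i) for i, ch in enumerate(TOP) if ch != " "}
for prefix, row in ROWS.items():
    for i, ch in enumerate(row):
        ENC[ch] = prefix + str(i)
DEC = {code: ch for ch, code in ENC.items()}


def to_digits(text):
    """Turn letters into digits: common letters cost one digit, the rest two."""
    return "".join(ENC[ch] for ch in text.upper())


def from_digits(digits):
    """Reverse to_digits; a digit 2 or 6 announces a two-digit code."""
    out, i = [], 0
    while i < len(digits):
        n = 2 if digits[i] in ROWS else 1
        token = digits[i:i + n]
        if token not in DEC:
            raise ValueError("dangling row prefix (wrong key or damaged text)")
        out.append(DEC[token])
        i += n
    return "".join(out)


def stretch(key, length):
    """Extend a short memorised key: append (k[i] + k[i+1]) mod 10 repeatedly."""
    ks = [int(d) for d in key]
    if len(ks) < 2:
        raise ValueError("key needs at least two digits")
    i = 0
    while len(ks) < length:
        ks.append((ks[i] + ks[i + 1]) % 10)
        i += 1
    return ks[:length]


def encrypt(text, key):
    plain = to_digits(text)
    return "".join(str((int(p) + k) % 10) for p, k in zip(plain, stretch(key, len(plain))))


def decrypt(cipher, key):
    ks = stretch(key, len(cipher))
    return from_digits("".join(str((int(c) - k) % 10) for c, k in zip(cipher, ks)))
```

With the constructed key 3141, `encrypt("penguin", "3141")` gives 9146691875 and `decrypt("9146691875", "3141")` restores PENGUIN; every step is single-digit arithmetic that can be done on paper.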
  4. Alex D

    Guy Macon Guest

    You can make an easy-to-remember passphrase and turn it
    into a password like this:

    "In the winter it is too cold for swimming so I play video games"

    becomes

    "Itwii2c4ssIpvg"

    (Note the upper case, lower case, and use of numbers.)

    You should, of course, make up a sentence and not use anything that
    someone else might figure out such as a quotation or saying.
    Guy Macon, Sep 29, 2004
    #4
  5. Alex D

    L;ozT Guest

    "Alex D" <> wrote in message
    news:uOt6d.260425$-ops.be...
    > > I don't see why you need fancy encryption for that. Just write the
    > > words backwards or something. Also, it's simple enough to avoid
    > > pulling out the paper when someone is looking over your shoulder.
    > >
    > > > or even worse: forget or lose the piece of paper.

    > >
    > > Think of the paper as a $20 bill. You've probably carried $20 bills
    > > in your pocket any number of times. How often have you forgotten and
    > > lost one? Just exercise the same level of care with the piece of
    > > paper, and you shouldn't forget or lose it.

    >
    > When I lose a 20$ bill, I lose 20$; when I lose my list of passwords, a lot of
    > (albeit personal) data is at risk. The piece of paper is worth far more than
    > the 200$ mentioned in the other post.
    >
    > The problem is that it is generally known and advised over and over again that
    > you should *never* write down passwords on paper. That's OK if you have only
    > one password to remember, but a problem if you have 20-50 sites, each with
    > their password policy (making a single password impossible).
    >
    > So it is nice to have some manual encryption scheme to protect password lists,
    > without the need of software to decrypt them.
    >
    > -alex-
    >


    .....sorry if I'm stating the obvious, or if it has already been mentioned
    (only just joined the thread), but could you not simply write the password
    list as a text file, and then encrypt that file using PGP or something
    similar, then you only need to remember one password (the PGP'd file
    password). You could then quite happily e-mail a copy of the PGP'd file
    round your organisation, and still feel quite safe that only the most expert
    and determined organisation is ever going to read it without knowing your 1
    password to open it.

    Cheers

    L;ozT ....................
    L;ozT, Oct 1, 2004
    #5
  6. Alex D

    Alex D Guest

    > ....sorry if I'm stating the obvious, or if it has already been mentioned
    > (only just joined the thread), but could you not simply write the password
    > list as a text file, and then encrypt that file using PGP or something
    > similar, then you only need to remember one password (the PGP'd file
    > password). You could then quite happily e-mail a copy of the PGP'd file
    > round your organisation, and still feel quite safe that only the most expert
    > and determined organisation is ever going to read it without knowing your 1
    > password to open it.
    >
    > Cheers
    >
    > L;ozT ....................



    OK, but I want to carry a paper version around, not an electronic version: so,
    everything has to be done in my head.
    Alex D, Oct 5, 2004
    #6
  7. Alex D

    Luigi Guest

    > As my last try for a possible solution for you try the NKVD system for
    > encryption. J Savard has a good description on his web site.


    Just to help a little, Savard's site is here:
    http://home.ecn.ab.ca/~jsavard/
    Quite interesting.
    I could not find out NKVD system's page: would it be a big problem for
    you to post it here, please?
    Thank you.

    Luigi
    Luigi, Oct 7, 2004
    #7