Bohack

Check In and Tune Out!
  
 
« Converting Active Directory Last Logon Time Integer to a Readable Date and Time
How To Compile Asterisk 1.8 on Ubuntu 10.04 LTS x86 »

How To Create Complex Passwords From Simple Passwords With Applied Cryptography



All authentication systems break down to three simple things: something you know, something you have or something you are. Something that you know is a password, something you have is a key and something you are is your physical looks.

Since most authentication systems require only your username and a password, a strong password that is complex is best. Coming up with good strong passwords that are complex is easy, remembering them is the tough part.
Phonetic passwords contain characters like 2, b, r, i, m, a, 4, and 8 to sound words like to, be, are, I, am, a, for, ate. Using these characters to create a ‘leet speak’ password is good, but weak because iterations of these are in ever dictionary attack out there.

An alternative is using salt to key cryptography. A salt is a random numeric number that alters the password to create a key; it is also known as a nonce. The key is irreversible, only the original salt and password can equal the key.

salt + password = key

Since we need to make this easy we will not be using md5 algorithms, instead we will use substitution; just like the Romans only with a twist. We need to first pick our salt, this salt will become yours and you will never disclose your salt ever. It’s like picking your totem from the movie Inception; it is only for you to know.

To pick your salt you will need non-pattered words at least 10 or more characters long, preferably with vowels. The first twelve letters “e t a o i n s r h l d c”, are found in around 80% of the words in the English language. You will need to find an isogram or non-pattered word, which means the word does not repeat any letters. I have a few below, none are mine (or maybe they are).

aftershock – artichokes – authorizes – bankruptcy

Note: To find more words like these Google the term Isogram.

We choose our salt let’s use aftershock. You will take the letters and place numbers above the word from left to right.

A F T E R S H O C K
1 2 3 4 5 6 7  8 9 A

or A=1, F=2, T=3, E=4, R=5, S=6, H=7, O=8, C=9, and K=A

If we have a name like ‘Jonathan’ we want to encrypt we will substitute a letter for number so ‘Jonathan’ would look like this ‘J8n13h1n’ this is our encrypted password that we can encrypt over and over again. Knowing our salt is always ‘aftershock’.

Tags: Cyrptography, Passwords, Security

This entry was posted on Sunday, February 26th, 2012 at 11:26 pm and is filed under Security.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.

Comments are closed.

  • Channels

    • Beer (2)
    • Blog (1)
    • Exchange (2)
    • Ham Radio (1)
    • Homebrew (3)
    • Linux / Unix (4)
    • Misc (1)
    • Mods (4)
    • Networking (1)
    • Programming (4)
    • Recipes (2)
    • Scripts (7)
    • Security (1)
    • Software (2)
    • Spam (1)
    • Telco (7)
    • Virtual PC (1)
    • VMware (3)
    • VOIP (3)
    • Windows (16)
    • Windows 2008 (4)
    • Windows 7 (5)

  • Archives

    • September 2012
    • April 2012
    • March 2012
    • February 2012
    • January 2012
    • November 2011
    • September 2011
    • July 2011
    • April 2011
    • February 2011
    • January 2011
    • October 2010
    • August 2010
    • February 2010
    • January 2010
    • December 2009
    • November 2009
    • June 2009
    • May 2009
    • February 2009
    • January 2009
    • December 2008
    • November 2008
    • October 2008

  • Links

    • Blogarama Blogarama – The Blog Directory
    • BlogHub Blog Directory
    • Blogrankings Technology Blogs – Blog Rankings
    • Blogville.us blogville.us
    • Buzzerhut free directory | buzzerhut.com
    • Ontoplist Online Marketing
    • Primechoiceautoparts Discount Auto Parts
    • PTC My Employer
  
  Copyright - Bohack 2024 ©