Password Idea

Discussion in 'Other Ghost Security Software' started by Peter2150, Mar 30, 2004.

Thread Status:
Not open for further replies.
  1. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    One of the ideas asked about for Cryptosuite was a way to generate, store... passwords. Also some folks do use separate password programs.

    A lot of my use for Cryptosuite is almost a duplicate of WinZip, and for this use I use very short simple passwords.

    But I have some stuff that I really want secure, as in really secure. In the Cryptosuite help file, there is a website listed that has a neat password evaluator. To end up with a really strong password requires a very random, and longer, password. Problem: how to remember without writing it down, etc. etc.

    I found a simple solution right within Cryptosuite. What I've done is taken one of my old 6 or 7 character very weak passwords, that are now part of me, and I put it in the checksum part of the program. Then I test the various checksums in the password evaluator. Once I have one that passes and is extremely strong, I can just remember my simple short password, and which hashing scheme I used, and I end up with a strong complex password.

    Comments??
     
  2. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    Well, your "key" is only as secure as its weakest point regardless of what you do with it. What CryptoSuite does with your password is to basically "hash it" (read the helpfile for more details) a few times and split it into 2 separate keys.

    The thing with any encryption program though is they need to store somewhere what methods it uses to generate keys which can be reverse engineered later if they wanted. This doesn't make the program any less secure though, because KNOWING the methods used to generate keys still means they need to know the original password used, and if that password is strong it doesn't help them at all.

    So whilst you are giving it a 32byte (I'll just assume MD5) checksum hash that is long, if someone knew what you did, they could do the same process and it would almost be just as quick as searching for the original 7 char password. So the weakest link in this particular case is making sure no-one knows how you generated your password since your original password is only 6-7 chars and is pretty weak.

    Since only YOU know which method you used to generate your key, which theoretically could just be the letter "a" passed through enough filters to generate something much much longer, as long as you kept this information secret and it wasn't attainable it is relatively secure. If the attacker didn't know the method used they would have to do the same thing to brute force your password whether you generated your password using the letter 'a' passed through filters to make a 64 character password or just entered a 64 character password.

    The whole security with generating passwords from something smaller though relies totally on the fact you keep which methods you used to generate the longer password secret, as soon as they find out what method you used it wouldn't take them long at all. :)

    -Jason-
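
The trade-off described in the reply above, put into numbers. This is an added example, not part of the original thread and not CryptoSuite code; the seed `kettle7`, the character-pool sizes, the scheme count and the PBKDF2 parameters are all assumptions chosen for illustration.

```python
import hashlib
import math

# Character-class sizes a simple length-and-charset strength meter credits.
CLASSES = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]

def apparent_bits(password: str) -> float:
    """Bits a naive meter credits, treating every character as random."""
    pool = sum(size for test, size in CLASSES if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        pool += 33  # printable ASCII punctuation and space
    return len(password) * math.log2(pool)

def effective_bits(seed_pool: int, seed_len: int, schemes: int = 1,
                   iterations: int = 1) -> float:
    """log2 of the hash evaluations needed to cover every possible seed once
    the 'checksum of a short seed' construction is known. A secret choice
    among `schemes` algorithms adds only log2(schemes) bits."""
    return (seed_len * math.log2(seed_pool)
            + math.log2(schemes) + math.log2(iterations))

def derive(seed: str, scheme: str = "md5") -> str:
    """The thread's construction: hex checksum of a short memorised seed."""
    return hashlib.new(scheme, seed.encode()).hexdigest()

def derive_stretched(seed: str, salt: bytes, iterations: int) -> str:
    """Mitigation: a salted, iterated KDF makes each guess cost more."""
    return hashlib.pbkdf2_hmac("sha256", seed.encode(), salt, iterations).hex()

if __name__ == "__main__":
    seed = "kettle7"                 # constructed sample seed (pool of 36)
    password = derive(seed)          # 32 hex characters
    print("meter credits      : %.1f bits" % apparent_bits(password))
    print("method known       : %.1f bits" % effective_bits(36, 7))
    print("1 of 8 schemes     : %.1f bits" % effective_bits(36, 7, schemes=8))
    print("PBKDF2 x 600000    : %.1f bits"
          % effective_bits(36, 7, iterations=600_000))
    print("stretched password :",
          derive_stretched(seed, b"constructed-salt", 600_000))
```

The meter scores the checksum by its length, while the real margin is the seed's own entropy plus a few bits for the undisclosed scheme; only a longer random seed or deliberate key stretching changes that materially.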
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Jason

    You've confirmed the logic I went thru.

    As I saw it, the basic choices were:

    a) Memorize a 40 character random password (this would be totally secure, even from me) :D
    b) Write it down. (I'd probably lose the paper.) :mad:
    c) Use some kind of password program. (more software, ugh!) :(
    d) Keep a secret. (This I think I can handle) :blink:

    Actually, I've already blown d, but what the heck :D
     
  4. northstar51

    northstar51 Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    49
    Hello: one method I've considered for password(s) is to select a book title and combine it with a numeric password, such as one's bank ATM PIN #. You'll have to select a book with a suitably long title, but that should be easy enough to remember...
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,053
    Hi Northstar51

    Actually that isn't a good password. Check out this site.

    http://geodsoft.com/howto/password/

    Go to the password evaluator, and enter your book title password. It probably won't even score, because it will fail the dictionary word test. Length won't help. Actually all it takes is 2 sets of double characters to flunk a password. It is an eye opener.
     
  6. northstar51

    northstar51 Registered Member

    Joined:
    Feb 5, 2004
    Posts:
    49
    Hello:
    Peter2150, thank you for your tip. I will check that website out. Thought password selection was a bit more complicated than what I was thinking, but couldn't imagine where to start to set a password. Thanx...ns51
     