[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security for under a buck fifty
>...
> I got that number by grabbing handfuls of pennies out of a pile of
> 132--a true random number generator that cots less than
> breakfast--though, I will admit that it's somewhat cumbersome.
>
> But a number can be represented in many different ways. Create a
> six-bit character set, filling from 000000 to 111111 with a-z, A-Z,
> 0-9, . [period], and - [hyphen]. Now, the key becomes:
>
> Mx1SmVYpMrbp3mI-sYthaX
>
> Not impressed yet? Try using the human brain's wonderful talent for
> seeing patterns in randomness. If your mind just happened to work
> exactly like mine, you would get:
>
> Mx1 misSiles moVe Yp; Mr. bop of 3m I-s Yt haX. [Yt as in the
> element.]
>
> I would suggest that it would only take the average person a minute
> or two to memorize such a phrase, especially if she were the one to
> do the pattern-matching in the first place.
>...
> Can anybody suggest how to implement this? Can a computer program
> suggest mnemonics that would mean anything to a person? Even if the
> computer gives the user a screenful of such? Or, how about giving a
> screenful of "words," and letting the user mix-n-match?
I already do this -- except that I use a keystroke- timing program for
the true random source, and I do the mnomonic generation with my brain
instead of the program. My program just converts the random numbers to
uniformly distributed printable ASCII (values between space and del), for
a little more entropy than 6 bits per character.
A more automated way to generate a pass phrase might be to convert every
16 bits of random numbers to one of 65536 words and names in your
favorite languages. That way, you would have real words to memorize, but
in a strange order. For example, a 128 bit key might be:
tree elephant action roof xymurgy eight top slash.
You could try to think of some story to link the 8 originally unrelated
words together and help you to remember it.