The Naked Scientists

The Naked Scientists Forum

Author Topic: How secure is my password encryption method ?  (Read 3485 times)

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8122
  • Thanked: 53 times
    • View Profile
How secure is my password encryption method ?
« on: 27/09/2009 19:34:24 »
Can anyone work out what English word FTLM1XP0II is derived from ?

Only one standard mathematical operation was applied to the English word to convert it into  FTLM1XP0II

[Clue FTLM1XP0II doesn't have a "Z" in it].
« Last Edit: 28/09/2009 04:18:41 by RD »


 

Offline JimBob

  • Global Moderator
  • Neilep Level Member
  • *****
  • Posts: 6564
  • Thanked: 7 times
  • Moderator
    • View Profile
How secure is my password encryption method ?
« Reply #1 on: 28/09/2009 17:37:53 »
The method is as secure as your computer. If there is a way into your computer ANY information may be gotten off of it, including your method and algorithm to convert a  password into "FTLM1XP0II"

NOW. as math can be grossly complicated, even for just one variable, I doubt that anyone can just guess that the original password is "F***off"
 
 

Offline Bored chemist

  • Neilep Level Member
  • ******
  • Posts: 8644
  • Thanked: 42 times
    • View Profile
How secure is my password encryption method ?
« Reply #2 on: 28/09/2009 19:44:44 »
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8122
  • Thanked: 53 times
    • View Profile
How secure is my password encryption method ?
« Reply #3 on: 28/09/2009 20:59:56 »
OK here's the method, treat the original meaningful English word as if it was a number in base 36,
 then convert it to another base, in this case base 35, (that's my "one standard mathematical operation") ...



The point of the exercise is so I can remember the password.
 I can remember passwords like "CAPITALISM" but would have difficulty remembering secure gibberish like "FTLM1XP0II"

BTW "f*** off" is not a secure passphrase ...

Quote
Avoid dictionary words in any language
Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, profanity, and substitutions.
http://www.microsoft.com/protect/fraud/passwords/create.aspx

[ So forget all that substituting letters with lookalike numbers 80110ck5 ]

[Clue FTLM1XP0II doesn't have a "Z" in it].

Base 35 does not include "Z", it only goes up to "Y".
« Last Edit: 28/09/2009 21:44:34 by RD »
 

Offline JimBob

  • Global Moderator
  • Neilep Level Member
  • *****
  • Posts: 6564
  • Thanked: 7 times
  • Moderator
    • View Profile
How secure is my password encryption method ?
« Reply #4 on: 29/09/2009 02:39:26 »
Hummmmm ..... I think someone has mistaken this forum for Benchly Park. Ain't no crypto-graphers here - at least I'm not.
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8122
  • Thanked: 53 times
    • View Profile
How secure is my password encryption method ?
« Reply #5 on: 29/09/2009 05:24:07 »
... I think someone has mistaken this forum for Benchly Park.

Y'mean Bletchley park, (although they probably do have benches in the park).
 

Offline JimBob

  • Global Moderator
  • Neilep Level Member
  • *****
  • Posts: 6564
  • Thanked: 7 times
  • Moderator
    • View Profile
How secure is my password encryption method ?
« Reply #6 on: 30/09/2009 17:45:22 »
I am not from that cold little island spot in the North Sea. How should I know when the pronunciation is so far from the way it is spelled - sounds like Welsh Gaelic!
 

Offline graham.d

  • Neilep Level Member
  • ******
  • Posts: 2208
    • View Profile
How secure is my password encryption method ?
« Reply #7 on: 30/09/2009 17:53:03 »
The more examples of the encrypted text that are available the easier it becomes to find the decryption algorithm. Any clues to the algorithm used or to the nature and length of any key reduce the problem hugely. Guessing the algorithm from one word is impossible.
 

Offline MonikaS

  • Sr. Member
  • ****
  • Posts: 279
    • View Profile
How secure is my password encryption method ?
« Reply #8 on: 30/09/2009 19:52:25 »

Quote
Avoid dictionary words in any language
Criminals use sophisticated tools that can rapidly guess passwords that are based on words in multiple dictionaries, including words spelled backwards, common misspellings, profanity, and substitutions.



(Emphasis mine...)
Sophisticated? LMAO *snkr* There are ready made tools to be found all over the internet! And programming such a tool isn't even hard. You need an internet connection, or a huge harddisk at home... I'm not going to explain how... simply google for "Rainbow Tables"

And now for some completely different...
If you like to play around with cryptology check out this toy/tool
CryptTool
You can easily explore complex algoritms like Diffy-Hellmann and RSA, but you find good ol' Ceasar as well.
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8122
  • Thanked: 53 times
    • View Profile
How secure is my password encryption method ?
« Reply #9 on: 30/09/2009 22:57:19 »
Thanks for the CrypTool Link MonikaS.

With the ever increasing computer power, (Moores "law"), dictionary hacks, and brute force attacks become more widely possible.
As you say the people doing this do not have to be sophisticated.

Anyone using passwords which include dictionary words are easy meat for them.

But I find trying to remember meaningless, but secure, gibberish passwords rather difficult
and have to resort to writing them down, thus rendering them less secure.

With my base conversion encryption I write down, or can remember, meaningful words, then convert them to base XX when I want to use them.

[my actual encryption method is slightly different but still uses base change to generate the gibberish pass phrase]

 
« Last Edit: 30/09/2009 23:47:32 by RD »
 

The Naked Scientists Forum

How secure is my password encryption method ?
« Reply #9 on: 30/09/2009 22:57:19 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums