[ale] OT - New encryption technology using a piece of paper

Michael Trausch mike at trausch.us
Sat Sep 3 19:47:28 EDT 2011



On 09/03/2011 06:35 PM, Michael H. Warfield wrote:
> All,
> 
> I'm sorry, but I'm going to top post on this one...  This will be a
> bit of a rant (and long) but mild for me and I'll keep the math
> level reasonable...
> 
> Oh, here we go again...
> 
> http://www.xkcd.org/936/ 
> http://isc.sans.edu/diary.html?storyid=11350 
> http://www.xkcd.com/538/
> 
> Let's see...  The dudes that do xkcd seriously DO seem to know
> something about cryptography and entropy.  I'm impressed!  There's
> a very subtle clue to that in the first reference.  The first URL
> is "Through 20 years of effort, we've successfully trained everyone
> to use passwords that are hard to remember, but easy for computers
> to guess."  So true.

No disagreement here.  For that matter, limited passwords are an
option of last resort for me.  I prefer long passphrases.  One or two
whole sentences, something that I can type in a matter of three
seconds or so and are (at least I hope!) not something that someone
could guess.  I usually like to make them nonsensical in some way
(word substitution is good for that).

> Important thing to note about that xkcd cartoon (the first
> clue)... They attribute 11 bits of entropy to each word.  Believe
> it or not, that tells me that they really do know something about
> what they're talking about.  That is exactly the entropy derived
> from the random selection of words from a 2048 word lexicon.  There
> may be one or two on this list who might be familiar with
> Bellcore's old "S/Key" OTP (one time password) system.  Something
> similar to the RSA tokens only algorithmic based (based on a
> one-way hashing function) rather than time based. This was codified
> in RFC 2289, <http://www.ietf.org/rfc/rfc2289.txt> "A One-Time
> Password System", the IETF OPIE / S/KEY RFC (the lexicon is in 
> Appendix D).  OPIE stands for "Onetime Passwords in Everything".
> You can get free OPIE calculators for Palm, Android, and (I think)
> iPhone.

I like OPIE, too, but I have yet to have anyone agree to allow me to
implement it for them...  they'd rather get dedicated tokens.  (Why?
Carrying around less crap is better, or so my small mind thinks.)

> I recently had to deal with this situation designing a system where
> one designer suggested using this for a password generator (we only
> needed random password generation but a human may have to type it
> on some hopefully rare day...).
> 
> < /dev/urandom tr -dc A-Za-z0-9_ | head -c8
> 
> Y0anE48h rawxT_FL Jh2fMiTu
> 
> Gee...  Anyone think that's any good?  Show of hands?

Wow.  That HURTS.

> Now, I have a ranpass.sh password generator based on OPIE that
> will generate a passphrase from 6 to 20 words from the OPIE
> lexicon...  Let's look at a few outputs.
> 
> "ITS BAT JILT WEAL MEN SUD"
> "ANT KURD DUNK LIP TIME GUS"
> "DOG TAN IDEA KURT BELL BUN"
> "SNAG GETS EAT DADE ADDS TWIN"
> 
> Ok...  Those all have 66 bits of entropy.  You want more, go to 8
> words:
> 
> "HEM IF CUP ANEW SHAW GAGE NUDE SILO"
> "CLOG ROME OWLY ED GRIM TINY NAGY GAG"
> 
> That's 88 bits of entropy and it really is!
> 
> Do they look like strong passwords to you?  Many people would say no.
> I would bet a lot of experienced admins would have a knee jerk
> reaction and say they weren't.  Think again.  Yeah, they really
> are.  Stronger than what you're likely to dream up.

And useful on systems that will let you use them.  As I mentioned
already, I prefer whole sentences.

Here is one that I used to use:

  The car (on the house) sat in the basement!  I saw it in the window.

I did indeed have two spaces there.  I still have the annoying habit
of double-spacing after a sentence... and no, I don't use that for
anything (nor will I ever again, obviously).

> Oooo...  Cracklib FascistCheck likes them.  That will pass a
> "strength based" password checker like pam-cracklib and John the
> Ripper will never even come close to busting them.  Even the
> password strength checker in my Revelation password safe likes them
> and says they're good and very strong, even though its generator
> would never generate them.  But it won't get you past the
> complexity checkers that demand that you must have at least 3 of
> the 4 categories of upper case, lower case, numerals, and
> punctuation.  XKCD got it right!  Dead on.

My sentences usually work for most of the complexity checkers.  That
is, if I'm allowed to use something that long in the first place.  On
systems that allow arbitrary input I even use Unicode characters.  I
like Unicode.  :)

> [And I still DO NOT BELIEVE the MORONS who write web pages that
> limit your passwords to no MORE than 8 characters - yeah, I still
> see them.]

Calling Chase Bank.

> Those passwords are stronger than anything most carbon based
> lifeforms will come up with and yet they are easy to type in and
> easy (for some) to remember; it just takes a few more hits on the
> keyboard (but you really ARE going to use copy-n-paste from a
> keyboard safe, now aren't you?  Be honest now.).

I have my password card on my phone and taped on my monitor.  Now try
guessing how many lines and turns I used to create my password... :^)

Actually, I find that I remember them after using them a few times.  I
can't tell you what they are... but I can type 'em.  Good enough for
me.  I'll use them for that single service for as long as I can get
away with if it is long enough.

> Bottom line is that none of this really helps in the real world of 
> password sniffers, keyloggers, and the anatomy of a hack anyways.
> And periodic forced password changes make it even worse by adding
> more opportunities for password sniffers and trojans to go to work.
> Sigh... We got it wrong.

Correct me if I'm wrong, a sniffer is going to get the password
without the password change, right?  It doesn't take a password change
to make a keylogger work... and there is some merit to periodic
password changes, though I think they probably ought to be event-based
("our database was stolen", "we found bugs on keyboards", "someone
stole surveillance video", "your password has been reset").  Of
course, in some events you'll wind up replacing hardware as well, at
least if you're not able to take the time to inspect it thoroughly first.

> Here...  Final word...  You don't want totally random but you want 
> something strong that will zip past the stupid complexity
> checkers? Seriously try something like this...
> 
> monk2frog: Read that back again!
> dress4girl: It's only purple, too bad...
> leaf0tree: It's fall now - bye bye.
> 
> Ok...  You've got two patterns in there.  Two objects separated by
> a number, "monk2frog:", "cart2horse:", "doll4girl:" etc, etc, etc,
> and ending with some punctuation.  LOTS of possibilities.  You got
> your number and your punctuation right there.  You got 3 of the 4
> categories in one sweep.  Now add a simple nonsensical statement
> (yeah, I love Lewis Carroll for things like this...) and you got caps
> and another punctuation along with some spaces.  They will never
> bust it.  Still doesn't even come close to what the full random
> OPIE space will do but pretty damn good.
> 
> A monk yells at a frog working on a book yelling "Read that back
> again!"
> 
> You'll remember it for months...
> 
> I do eat my own dog food.  I really do use systems like these.
> They work.  They work well.  Just pisses me off when I have to
> change one for no bloody good reason.

+1.

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”
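
The entropy figures quoted in this thread (11 bits per word, 66 and 88 bits, versus 8 characters from the tr alphabet), worked through as an added example; it is not part of the original message and is not the ranpass.sh script mentioned in it. The function names are assumptions, and the 16-word lexicon is a constructed stand-in for the 2048-word list in RFC 2289 Appendix D.

```python
import math
import secrets

TR_ALPHABET_SIZE = 63      # tr -dc A-Za-z0-9_  ->  26 + 26 + 10 + 1 symbols
OPIE_LEXICON_SIZE = 2048   # RFC 2289 Appendix D: 2**11 words, 11 bits each

# Constructed 16-word stand-in lexicon so the example runs offline.
# A real generator would load all 2048 words from RFC 2289 Appendix D.
SAMPLE_LEXICON = ["ANT", "BAT", "BELL", "BUN", "CUP", "DOG", "DUNK", "EAT",
                  "GAG", "HEM", "IDEA", "LIP", "MEN", "SILO", "TAN", "TWIN"]


def entropy_bits(pool_size, picks):
    """Entropy of `picks` independent, uniform draws from `pool_size` items."""
    if pool_size < 2 or picks < 1:
        raise ValueError("need at least 2 items and 1 pick")
    return picks * math.log2(pool_size)


def picks_needed(target_bits, pool_size):
    """Smallest number of uniform draws giving at least `target_bits` bits.

    Uses exact integer arithmetic: pool_size**n >= 2**target_bits.
    """
    n = 1
    while pool_size ** n < 2 ** target_bits:
        n += 1
    return n


def generate_passphrase(lexicon, n_words):
    """Return (passphrase, entropy in bits) using the OS CSPRNG."""
    words = list(lexicon)
    # Duplicates shrink the real pool, so the computed entropy would be too high.
    if len(set(words)) != len(words):
        raise ValueError("duplicate words would overstate the entropy")
    phrase = " ".join(secrets.choice(words) for _ in range(n_words))
    return phrase, entropy_bits(len(words), n_words)


if __name__ == "__main__":
    print("8 chars from tr alphabet:", round(entropy_bits(TR_ALPHABET_SIZE, 8), 1))
    print("6 OPIE words:", entropy_bits(OPIE_LEXICON_SIZE, 6))
    print("8 OPIE words:", entropy_bits(OPIE_LEXICON_SIZE, 8))
    print("tr chars needed to match 6 words:", picks_needed(66, TR_ALPHABET_SIZE))
    print("sample (16-word lexicon):", generate_passphrase(SAMPLE_LEXICON, 6))
```

These figures hold only when every word or character is drawn uniformly at random; words chosen by a person carry less entropy than the formula reports.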

