[ale] OT - New encryption technology using a piece of paper
Michael H. Warfield
mhw at WittsEnd.com
Tue Sep 6 12:53:11 EDT 2011
On Tue, 2011-09-06 at 09:53 -0400, Ron Frazier wrote:
> Hi David,
> I posted the original message on this topic. Actually, the party never
> got started very well. The discussion drifted into whether pass phrases
> are better (sometimes they are) or whether password cards are better
> (sometimes they are). However, the merits of the OTG system for it's
> intended purpose were never discussed in any depth.
Ok... As long as we want to refocus back on that. As a cryptographer,
I will pick several bones with monsieur Gibson.
As you may have already noted, any time his name comes up in certain
circles, it evokes strong reactions. Some swear by him and some swear
at him and some of us look in on him once in a while (I'm not unfamiliar
with his site) just for shits and giggles and a good belly laugh if we
are in a good mood for one. Most of the time I just shake my head and
look the other way. He keeps the natives entertained... Sigh...
First bone. This is NOT encryption. This is a simple "Latin square"
substitution cipher. That's all. No transposition even.
He claims it's secure. No self respecting cryptographer would make a
claim that a substitution cipher is "secure". We have a hard enough
time just making or swallowing any sorts of claims that a system is
"secure". "Secure" is a relative term. Secure for what value of
security? Secure against what forms of attacks? Secure against what
element of information leakage? Broad sweeping claims of something
being secure immediate swing my bullshit meter into action.
His claim that "This “Off The Grid” technology is the only known system
to provide secure encryption using nothing but a specially designed
piece of paper." Even given that it is NOT encryption, his claim is
bogus on multiple levels. Such ciphers have been known about an
analyzed for years. And it is not secure. And it is not the only nor
the first.
He claims it's future proof. Well, I may have to buy that argument. It
may well be just as bad in the future as it is today. He's got me
there.
What is the problem set it seeks to address? It seeks to address
password reuse. In that regard alone, it may have some value. Password
reuses is one of the biggest problems we have with a lot of users.
Pen and pencil ciphering has been around back to to ancient times. This
much is not new. His grid is not new. He even references Latin Squares
in his description. But he does a lot of hand waving and provides no
mathematically rigid proof to his claims as to the security of "his"
system. In his FAQ he tries to make claims of making up for claiming
that they are replacing the 2^128 "complexity" of AES with some huge
amount of "entropy" by saying "The entropy of Latin Squares is so large
that no one even knows how large it is!" My bullshit meter was pegged
bent and broken right off the top right there. Not only are his
arguments NOT mathematically rigid, that gave me the impression he was
pulling numbers out of a place where the sun simply does not shine. He
effort to argue that the 128 bits in AES was "complexity" while he was
added some other secret ingredient "entropy" really just blew my mind.
In some spots he's juxtaposing numbers in a way that is simply
mathematical gibberish. He claims to come up with 2400^6 possibly
combinations but that's logically impossible with the limited character
set. He's obsessed with the procedural pairing that he's lost sight of
the simple fact that a password matches or it doesn't whether it was
derived from a domain name or not. 6 characters from a character set of
72 characters only has 72^6 bits of entropy (or complexity or what ever
he's trying to hide in the blue smoke of his argument),
YES! He has an interesting system that does work with paper and pencil
and gives you a way to come up with unique passwords for web sites. It
helps eliminate password reuse. But the passwords are no more secure
than a lot of other systems out there and, who cares if it's paper and
pencil or a random generator in your password safe? A key logger is
still going to own your shorts. A password sniffer will still get it.
A compromised hash database is still going to get busted (especially if
its a short password - anything less than 12 is toast).
Bruce Schneier has always had a term for that which I never mind
quoting: Snake Oil. Trust it. Secure. Says so, right on the bottle.
Regards,
Mike
> The intended
> purpose is to allow average users to easily create moderate length
> cryptographically strong passwords that are unique for each site they
> visit. The sites in question, many times, will not accept long complex
> passwords. Furthermore, the system allows the user to create said
> passwords without using anything other than the piece of paper with the
> grid on it. All they need to traverse the grid is the domain name of
> interest. They don't have to remember any key code to get them to their
> password (as in pass cards), and they can use the password in places
> where a pass phrase will not be accepted, unless it's a very short pass
> phrase. As I mentioned in one of the posts, I deal with two sites which
> will only accept 8 character passwords, so even the default method of
> the OTG system which generates a 12 character upper / lower case
> password won't work. If desired, entropy of the final password can be
> increased by adding length, symbols, or numbers. I am currently
> evaluating all these methods to go to a system of having one password
> for every website. Not sure what I'm going to do yet. I may end up
> using something like OTG to generate some passwords and something like
> LastPass to enter them into websites automatically. Then I can save the
> grid for later reference. At sites where pass phrases of decent length
> will work, I'll probably use those. As I see it, the pros and cons for
> each method are:
>
> * Pass Phrases - easiest to remember, if you have a dozen - probably
> still have to write down, long ones or ones with symbols won't work for
> many sites, good entropy if they're long, if attacker knows you're using
> words separated by spaces, his search for your pass phrase becomes much
> easier
>
> * Password Cards - somewhat easy to remember a key code, if you have a
> dozen - probably still have to write key codes down, shorter ones should
> work for most sites, longer ones won't
>
> * OTG - nothing to remember - use the domain name, if you have a dozen -
> generate as needed, somewhat tedious, shorter ones should work for most
> sites, longer ones won't
>
> Sincerely,
>
> Ron
>
>
> On 9/5/2011 10:14 PM, David Hillman wrote:
> > I guess I came too late to the party. I read "Off The Grid" and
> > wondered how long it would be before really well-informed people poked
> > holes in the whole idea. To me, it looks like it'll do a better job
> > of creating passwords than most of the user population (who might find
> > it to be too complicated). The rest will have to be handled by the
> > system administrator with a defense strategy that consists of a
> > mile-wide moat filled with alligators, rocks and burning faeces.
> > Intruders tend to shy away from that level of stinkiness. Now that I
> > have contributed, I can go back to reading about Single Packet
> > Authorization (SPA).
> >
> >
> > On Sun, Sep 4, 2011 at 8:56 PM, Michael H. Warfield <mhw at wittsend.com
> > <mailto:mhw at wittsend.com>> wrote:
> >
> > On Sun, 2011-09-04 at 19:49 -0500, Pat Regan wrote:
> > > On Sat, 03 Sep 2011 20:06:56 -0400
> > > "Michael H. Warfield" <mhw at wittsend.com
> > <mailto:mhw at wittsend.com>> wrote:
> > >
> > > > The forced changes provide no benefit and yet add that little tiny
> > > > extra opportunity of additional threat. And, yes, there are
> > password
> > > > sniffers that will fire on password changes so they follow your
> > > > changes as you make them. Factor it in how you will.
> >
> > > A company I used to work for about a decade ago had a 60 or 90 day
> > > schedule on their forced password changes. The requirements for the
> > > passwords weren't very strict, either.
> >
> > > Most of the customer service people ended up teaching each other the
> > > same password scheme of current month+year (jan99, for example).
> > Since
> > > those passwords were good for 60 or 90 days, you could walk out
> > on that
> > > call center floor and guess almost anyone's password in 2 or 3
> > tries.
> >
> > In my talks on this, I try to dance around it a little bit without
> > being
> > as blatant as that, but you are absolutely correct. Forced expiration
> > and password changes invariably force most users into predictable
> > patterns which are of no benefit and often just the opposite.
> >
> > The other effect, when password strength/complexity checkers are not
> > enforced, is the "jumping in front of the bus effect". Small but
> > real,
> > it's the case where a user is forced to change his password and he
> > changes it to one that the attackers are using to guess... Powned...
> >
> > > Pat
> >
> > Regards,
> > Mike
> > --
> > Michael H. Warfield (AI4NB) | (770) 985-6132
> > <tel:%28770%29%20985-6132> | mhw at WittsEnd.com
> > /\/\|=mhw=|\/\/ | (678) 463-0932
> > <tel:%28678%29%20463-0932> | http://www.wittsend.com/mhw/
> > NIC whois: MHW9 | An optimist believes we live in the
> > best of all
> > PGP Key: 0x674627FF | possible worlds. A pessimist is
> > sure of it!
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org <mailto:Ale at ale.org>
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
> >
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> >
>
> --
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone. I get about 300 emails per day from alternate energy
> mailing lists and such. I don't always see new messages very quickly.)
>
> Ron Frazier
>
> 770-205-9422 (O) Leave a message.
> linuxdude AT c3energy.com
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20110906/e9255edc/attachment.bin
More information about the Ale
mailing list