From: Joseph Block <jpb@gate.net>
Date: Mon, 4 Jul 94 07:48:05 PDT
To: cypherpunks@toad.com (cypherpunks mailing list)
Subject: Pass Phrases
Message-ID: <199407041451.KAA56206@inca.gate.net>
MIME-Version: 1.0
Content-Type: text


Maybe I'm just being a little dense about this.

If I am the only person who knows what pair of texts I'm using and what
permutation algorithm, and what the random number I'm going to salt the
pass phrase with, and where I'm going to put the random digits, how is it
insecure?

Say I use the following two key phrases

The Quick Brown Fox Jumps Over The Lazy Dog
Oh Be A Fine Girl Kiss Me

I decide my method is going to be first letter of each word of the first
phrase, last letter of each word of the second phrase

I get

THQEBAFLJSOMTHLEDA

I then throw in 1701 as follows

1701THQ1EBA7FLJ0SOM1THL1EDA7

Without knowing the phrases, method, or number, what makes this insecure?

I'm not deliberately trying to be dense, I'd like to know why I shouldn't use
this sort of mnemonic method to remember the pass phrase.

jpb@gate.net