1994-07-12 - Re: Security for under a buck fifty

Header Data

From: Ben.Goren@asu.edu
To: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Message Hash: 3c1f001eaa3e18a5affd8a492adb681fd3ff1ca255c75cc477c2ab1e0a58ed7e
Message ID: <aa489e5f0202101e958d@[129.219.97.131]>
Reply To: N/A
UTC Datetime: 1994-07-12 20:23:06 UTC
Raw Date: Tue, 12 Jul 94 13:23:06 PDT

Raw message

From: Ben.Goren@asu.edu
Date: Tue, 12 Jul 94 13:23:06 PDT
To: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Subject: Re: Security for under a buck fifty
Message-ID: <aa489e5f0202101e958d@[129.219.97.131]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:42 AM 7/12/94, Mike Johnson second login wrote:
>>[Ben.Goren@asu.edu [me] wrote about generating pass phrases from
>>true random numbers, mapping into a character set, creating mnemonics.]
>
>I already do this -- except that I use a keystroke- timing program for
>the true random source, and I do the mnomonic generation with my brain
>instead of the program.  My program just converts the random numbers to
>uniformly distributed printable ASCII (values between space and del), for
>a little more entropy than 6 bits per character.

The tradeoff is between number of characters needed (length of passphrase)
and diversity of character set. I'd probably have better luck with the
mnemonic if I didn't have to fit in a whole string of %*$@!, but that
should probably be a user setting.

>A more automated way to generate a pass phrase might be to convert every
>16 bits of random numbers to one of 65536 words and names in your
>favorite languages.  That way, you would have real words to memorize, but
>in a strange order.  For example, a 128 bit key might be:
>tree elephant action roof xymurgy eight top slash.
>
>You could try to think of some story to link the 8 originally unrelated
>words together and help you to remember it.

Another possibility: have a dictionary of different parts of speech and
assemble them in order. For a short example, each passphrase could be in an
order such as:

Article adjective modifier noun verb article adjective modifier noun.

Our favorite would fit: The quick brown fox jumps over the very lazy dog.

This looses entropy (Mallet knows the order, and probably the dictionaries)
and so you would want either a longer sentence or some other modification,
like random--not decided by the person--capitalization or character
substitution. Or have two sentences: The quick brown fox jumps over the
very lazy dog; a lovely ermine glove fits into the hazy slumping bucket.

Figure thirteen bits each with dictionaries of ten thousand each
adjectives, modifiers, nouns, and verbs--your final dictionary would be 40
thousand words, total; you'd need about ten words to get 128 bits. Make
that two shorter--eight word--sentences, restricted to easy-to-remember
orderings, and you've more than made up for whatever entropy was lost in
having a known structure.

Umph. I think I need to start making time to write code, if I want to see
this work.

b&

--
Ben.Goren@asu.edu, Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger ben@tux.music.asu.edu for PGP 2.3a public key.







Thread