1994-07-12 - Re: Security for under a buck fifty

Header Data

From: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
To: Ben Goren <gedora!uunet!Tux.Music.ASU.Edu!ben@uunet.uu.net>
Message Hash: bb448331def48f0698073f12cd13d74660213762a8548efac93a17ce3c148c39
Message ID: <Pine.3.89.9407121039.A10838-0100000@gedora>
Reply To: <Pine.3.89.9407112119.A22909-0100000@Tux.Music.ASU.Edu>
UTC Datetime: 1994-07-12 16:46:14 UTC
Raw Date: Tue, 12 Jul 94 09:46:14 PDT

Raw message

From: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Date: Tue, 12 Jul 94 09:46:14 PDT
To: Ben Goren <gedora!uunet!Tux.Music.ASU.Edu!ben@uunet.uu.net>
Subject: Re: Security for under a buck fifty
In-Reply-To: <Pine.3.89.9407112119.A22909-0100000@Tux.Music.ASU.Edu>
Message-ID: <Pine.3.89.9407121039.A10838-0100000@gedora>
MIME-Version: 1.0
Content-Type: text/plain




>... 
> I got that number by grabbing handfuls of pennies out of a pile of
> 132--a true random number generator that costs less than
> breakfast--though, I will admit that it's somewhat cumbersome.
> 
> But a number can be represented in many different ways. Create a
> six-bit character set, filling from 000000 to 111111 with a-z, A-Z,
> 0-9, . [period], and - [hyphen]. Now, the key becomes:
> 
> Mx1SmVYpMrbp3mI-sYthaX
> 
> Not impressed yet? Try using the human brain's wonderful talent for
> seeing patterns in randomness. If your mind just happened to work
> exactly like mine, you would get:
> 
> Mx1 misSiles moVe Yp; Mr. bop of 3m I-s Yt haX. [Yt as in the
> element.]
> 
> I would suggest that it would only take the average person a minute
> or two to memorize such a phrase, especially if she were the one to
> do the pattern-matching in the first place.
>... 
> Can anybody suggest how to implement this? Can a computer program
> suggest mnemonics that would mean anything to a person? Even if the
> computer gives the user a screenful of such? Or, how about giving a
> screenful of "words," and letting the user mix-n-match?

I already do this -- except that I use a keystroke-timing program for 
the true random source, and I do the mnemonic generation with my brain 
instead of the program.  My program just converts the random numbers to 
uniformly distributed printable ASCII (values between space and del), for 
a little more entropy than 6 bits per character.

A more automated way to generate a pass phrase might be to convert every 
16 bits of random numbers to one of 65536 words and names in your 
favorite languages.  That way, you would have real words to memorize, but 
in a strange order.  For example, a 128 bit key might be:
tree elephant action roof xymurgy eight top slash.

You could try to think of some story to link the 8 originally unrelated 
words together and help you to remember it.
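Both encodings discussed in this message (the quoted six-bit character set and the 16-bits-per-word pass phrase), as an added example that is not part of the original post. It assumes Python's `secrets` module as the random source in place of pennies or keystroke timing, and `demo_wordlist()` is a constructed stand-in of 65536 pseudo-words; substitute a real list of 65536 distinct words to get memorable phrases.

```python
import secrets
import string

# Six-bit alphabet from the quoted message: a-z, A-Z, 0-9, '.', '-'
SIXBIT = string.ascii_lowercase + string.ascii_uppercase + string.digits + ".-"

def chunks(key: bytes, nbits: int, width: int) -> list[int]:
    """Split the leading nbits of key into width-bit integers, in order."""
    if nbits % width or nbits > len(key) * 8:
        raise ValueError("nbits must be a multiple of width and fit in key")
    n = int.from_bytes(key, "big") >> (len(key) * 8 - nbits)
    mask = (1 << width) - 1
    return [(n >> shift) & mask for shift in range(nbits - width, -1, -width)]

def to_sixbit(key: bytes, nbits: int) -> str:
    """Encode nbits of key at 6 bits per character (132 bits -> 22 chars)."""
    return "".join(SIXBIT[v] for v in chunks(key, nbits, 6))

def to_words(key: bytes, wordlist: list[str]) -> str:
    """Encode key at 16 bits per word (128 bits -> 8 words)."""
    # Duplicates or a short list would silently reduce entropy per word.
    if len(wordlist) != 65536 or len(set(wordlist)) != 65536:
        raise ValueError("wordlist must hold exactly 65536 distinct words")
    return " ".join(wordlist[v] for v in chunks(key, len(key) * 8, 16))

def demo_wordlist() -> list[str]:
    """Constructed stand-in list: 256 x 256 pairs of three-letter syllables."""
    cons, vowels, ends = "bdfghjklmnprstvz", "aeiou", "nrsl"
    syl = [c + v + e for c in cons for v in vowels for e in ends][:256]
    return [a + b for a in syl for b in syl]

if __name__ == "__main__":
    words = demo_wordlist()
    print(to_words(secrets.token_bytes(16), words))   # 128-bit pass phrase
    print(to_sixbit(secrets.token_bytes(17), 132))    # 132-bit key, 22 chars
```

The mapping is a lossless re-encoding, so the phrase carries exactly the entropy of the random bits fed in: 16 bits per word only if each 16-bit value is uniformly random and the list has no repeated entries.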






