my ideas in action
hard passwords but easy to remember
September 14, 2012Posted by on
One of the important problems of the modern computing is the security, privacy and the personal data that must be protected .
Usually we are using passwords to protect our data or accounts ( email, web…). But one of the main issues is that the passwords must be easy to remember for the owner but very hard to crack for the enemy. So if we choose a password that can be easily remembered, then there is a chance that other persons know it ( like object names, famous places, books quotes…etc).
If we use hard passwords, then it is a risk that we ( owner of the data) forget the password. The alternative is to write down the hard ( complex ) password on a paper and put the paper on a hard to find place. But this solution rise also the problem of the aces to that password. We may need this password in various moments , at random places in time, when we do not have immediate access to our little paper with passwords.
An alternative is to have a easy to remember password but to code it in such a way that the results is a very complex and hard to crack password.
For the people that have access to a computer this is an easy task.
Just an example : we generate the md5sum of a password.
$ echo “password” | md5sum
The md5sum is unique to a input and cannot be cracked. This means that based on the result you cannot recover the input.
If we need only a certain number of characters, we can trim this string to a desired length (example 10 characters), like this:
$ echo “password” | md5sum | head -c 10 ; echo
If we want more, we can go further. As you notice in this string there are only numbers and letters ( small cap letters ). We can now pipe the result to another level of encoding. For example base64 encoding. This type of encoding is reversible ( the input can be found based on output data). The purpose here is to introduce more variation in the string.
$ echo “password” | md5sum | base64 | head -c 25 ; echo
Here we obtain the md5sum of the “password” word and the the result is send to base64 encoding. Then the length of the string is reduced to only 25 characters.
So now we have numbers and letters ( big and small cap).
So , as you can see this results are very hard to remember and crack. But for the owner that know to make this easy steps, the solution is easier.
Now lets suppose that the enemy find the “password” word. Well, whatever he tries, he cannot take the account.
The owner will never remember the Mjg2NzU1ZmFkMDQ4NjljYTUyM password, so even if the enemy force the owner to tell him his password , he cannot get it.
Of course, the secret here is that the “easy to remember password” is processed so that we obtain a hard password. Of course this is just an example.
You can even encode few times the result, mds5sum again few times, cut the length, or even add special characters in certain positions. So the possibilities here are infinite.
So please use hard password !
the dictionary attacks are very common in our days and the computing power is rising every day. ( now the cracking tools use also GPU for a even faster speed).