Bohack

All authentication systems break down to three simple things: something you know, something you have or something you are. Something that you know is a password, something you have is a key and something you are is your physical looks.

Since most authentication systems require only your username and a password, a strong password that is complex is best. Coming up with good strong passwords that are complex is easy, remembering them is the tough part.
Phonetic passwords contain characters like 2, b, r, i, m, a, 4, and 8 to sound words like to, be, are, I, am, a, for, ate. Using these characters to create a ‘leet speak’ password is good, but weak because iterations of these are in ever dictionary attack out there.

An alternative is using salt to key cryptography. A salt is a random numeric number that alters the password to create a key; it is also known as a nonce. The key is irreversible, only the original salt and password can equal the key.

salt + password = key

Since we need to make this easy we will not be using md5 algorithms, instead we will use substitution; just like the Romans only with a twist. We need to first pick our salt, this salt will become yours and you will never disclose your salt ever. It’s like picking your totem from the movie Inception; it is only for you to know.

To pick your salt you will need non-pattered words at least 10 or more characters long, preferably with vowels. The first twelve letters “e t a o i n s r h l d c”, are found in around 80% of the words in the English language. You will need to find an isogram or non-pattered word, which means the word does not repeat any letters. I have a few below, none are mine (or maybe they are).

aftershock – artichokes – authorizes – bankruptcy

Note: To find more words like these Google the term Isogram.

We choose our salt let’s use aftershock. You will take the letters and place numbers above the word from left to right.

A F T E R S H O C K
1 2 3 4 5 6 7  8 9 A

or A=1, F=2, T=3, E=4, R=5, S=6, H=7, O=8, C=9, and K=A

If we have a name like ‘Jonathan’ we want to encrypt we will substitute a letter for number so ‘Jonathan’ would look like this ‘J8n13h1n’ this is our encrypted password that we can encrypt over and over again. Knowing our salt is always ‘aftershock’.

Tags: Cyrptography, Passwords, Security

This entry was posted on Sunday, February 26th, 2012 at 11:26 pm and is filed under Security.
You can follow any responses to this entry through the RSS 2.0 feed.
Both comments and pings are currently closed.