[ale] OT - New encryption technology using a piece of paper

Michael Trausch mike at trausch.us
Tue Sep 6 11:36:13 EDT 2011


On 09/06/2011 09:53 AM, Ron Frazier wrote:
> Hi David,
> 
> I posted the original message on this topic.  Actually, the party never
> got started very well.  The discussion drifted into whether pass phrases
> are better (sometimes they are) or whether password cards are better
> (sometimes they are).

I think I compared the OTG system to passcards pretty well.  It boils
down to this:  they are essentially the same thing, with the following
differences:

 * It is trivial to make the character selection pool on a password card
   larger than the "normal" case of alphanumerics: check a box.
 * Password cards enable the user to derive the password in a memorable,
   free-form method; OTG requires that the user learn and memorize an
   algorithm which must be followed every time the password derivation
   is required.

Additionally, the work required to create the password derivation with
the OTG algorithm is likely to be leaky in that you're likely to have to
work it out in order to derive it.  I know that I can't keep track of
that many data points in my head without writing something down.  I'm a
human being, not a computer.

> However, the merits of the OTG system for it's
> intended purpose were never discussed in any depth.  The intended
> purpose is to allow average users to easily create moderate length
> cryptographically strong passwords that are unique for each site they
> visit.

Password cards do this as well, as I have previously pointed out, but
without the requirement for following an algorithm.  If you feel that an
algorithm is required, of course, you can use the pretty symbols, across
the top of the password card, the numbers down the left side of the
password card, or the colors that constitute the rows of the password
card without any problem at all to implement one.  I elect not to,
because I find patterns to be memorable; use them two or three times in
a day or two and you're not likely to forget it.  If you're still likely
to forget it, then create the derivation once and use an encrypted
password safe.

> The sites in question, many times, will not accept long complex
> passwords.  Furthermore, the system allows the user to create said
> passwords without using anything other than the piece of paper with the
> grid on it.

As do password cards.

> All they need to traverse the grid is the domain name of
> interest.

All they need to do with password cards is pick a pattern.

> They don't have to remember any key code to get them to their
> password (as in pass cards), and they can use the password in places
> where a pass phrase will not be accepted, unless it's a very short pass
> phrase.

But they have to remember an algorithm that is required to derive the
password which is worse then remembering a key code.

> As I mentioned in one of the posts, I deal with two sites which
> will only accept 8 character passwords, so even the default method of
> the OTG system which generates a 12 character upper / lower case
> password won't work.

A password card would work for those sites, but an 8 character password
isn't secure anyway.  If they're requiring 8 characters as a maximum
limitation for the passwords, it is likely that they are using a storage
scheme that is excessively weak in the first place, such as the classic
UNIX password storage method or the classic LAN manager password storage
method, which means that that they're insecure on two fronts: brute
force cracking likely won't even be necessary should that database be
leaked.

In other words, it's *really* not worth having an account on such sites
unless they're for almost trivially meaningless things like games (that
don't have your credit card information stored).  Certainly not anything
tied to your identity, if you value your identity anyway.

> If desired, entropy of the final password can be
> increased by adding length, symbols, or numbers.

You could increase the character pool from which the program that
generates the OTG grid operates, but you wouldn't want to do that by
hand.  To do it otherwise, have fun writing the factory software (or
adapting Gibson's) and make sure that there aren't any bugs in it,
because the smallest bug in such a thing will result in something that a
cracker would happily be able to use.

That's the case even for full-blown encryption software; remember the
Debian OpenSSL thing?

> * Pass Phrases - easiest to remember, if you have a dozen - probably
> still have to write down, long ones or ones with symbols won't work for
> many sites, good entropy if they're long, if attacker knows you're using
> words separated by spaces, his search for your pass phrase becomes much
> easier

No... they're long enough that brute forcing them is computationally
infeasible.  The number of guesses required for a "passphrase" of 1 word
would be at most 2,048 (assuming a dictionary of 2,048 words AND
assuming that the attacker knows what your 2,048 word dictionary
actually is); for 2 words, it'd be 4,194,304; for 3 words, it'd be
8,589,934,592; for 4 words, it'd be 17,592,186,044,416.

A four word phrase would take approximately 4,252,031.3669 seconds (or
just over 49.2 days) at most on my computer if ALL of the following were
true:

 * I know the contents of the 2,048 word dictionary you're using.
 * I have the hashed version of your passphrase.
 * I have no other use for my PC for the next 50 days.

Bump that up to six of those words, and now we're talking about my PC
requiring just under 3,4 MILLION YEARS in the worst case to brute-force
the password.  Those two additional words add a LOT of protection.

So, having 1 million of my computer (that is, 6 million 2.3 GHz AMD64
CPU cores of the same family and type) would be required to predictably
crack the password within a timespan of 3.4 years, and only if the
software were written to be 100% efficient (e.g., ideal situation, which
isn't physically possible).  So, a government or very large corporation
could probably crack it if they thought it important enough.

Add ANOTHER two words and it'll take my PC 142,318,354,021.7258
CENTURIES --- and way more computing power than I think currently exists
on the planet Earth to actually crack the password in a reasonable
amount of time.  At that point, the weak link in the chain (discounting
the human because that is ALWAYS the weakest link in the chain) is
likely to be the hashing function or the key derivation function.

-- 
A man who reasons deliberately, manages it better after studying Logic
than he could before, if he is sincere about it and has common sense.
                                   --- Carveth Read, “Logic”


More information about the Ale mailing list