Arun's Tech Blog


Intelligence level password security

One of the most common problems in security I encounter as a security-aware person is password generation and remembrance. How can a person, especially a non-tech-savvy user, come up with secure, randomly generated passwords, and how can they remember them? If I have trouble as a tech-savvy professional, how could the average user of a secure system maintain private and random passcodes? Add in intelligence-level activities such as sneak-and-peek warrants or illegal searches by foreign intelligence services, and what hope have we of maintaining the security of, and remembering, 10-20 mixed-character passcodes? Furthermore, past hacking has shown that the personal computers of secure users, even the most intelligent, can be compromised through a variety of methods. This adds another level of difficulty for non-tech-savvy users. For example, during an investigation of a serious Nasdaq computer system hacking event, “Investigators also discovered that the website run by One Liberty Plaza’s building management company had been laced with a Russian-made exploit kit known as Blackhole, infecting tenants who visited the page to pay bills or do other maintenance.” (Bloomberg).

Even if users do not log into secure systems from compromised devices, there is the serious issue of multiple-use passwords. Even I am guilty of using passwords across different systems for easy remembrance. What are the chances that 1 in 100 users uses the same password for their banking account as for a secure system? Quite high, I would hazard. So how could we fix this tantalizing issue, and in a manner easy enough for the lowest-common-denominator user? For inspiration, I will look to the genius of past cryptographers, particularly Frank Miller and his invention of the one-time pad.

At first glance there may not seem to be much use for a randomized one-time pad in passcode security, but with minimal brainpower it can be transformed into a passcode booklet and turn the standard “1234” into a truly secure passcode. I do this by using what I call a numerical pattern transformation. In essence, the process maps a numerical value to a personal positional transformation. The simplest of these, in my mind, is: 1st digit maps to a page, 2nd digit to a row, 3rd to a column and 4th to a digit. PINs can be much longer and transformations more complex, but this serves as an easy example:

[Figure: Pattern Transform Example. A sample transformation for an 8-digit password with PIN 1234.]

With transformations like this, users can easily recall complex random-symbol passwords with minimal effort and still maintain security if a passbook is stolen, lost or compromised. Furthermore, other pattern transformations can be invented on a person-to-person basis to complicate and differentiate identical simple passwords. For example, one can easily remember the numerical transformation 1234 -> 4321. Suddenly, a simple birth-year password can become nearly unbreakable. One can take their birth year, 1992 in my case, and reverse it, resulting in 2991. Or, instead of a numerical transform, I could map the 1st digit to a row, 2nd to a column, 3rd to a page, and 4th to a digit. One can even add misleading underlines and other markings to throw off a would-be password thief, or create new transformations such as: 1st digit -> respective page, 2nd digit -> respective underlined character, 3rd digit -> digit offset, 4th digit -> additive transform.


2222: go to the second page, find the second underline, move 2 characters to the right, and read the password off, adding 2 to each number.
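
The basic page/row/column/digit lookup and the 1234 -> 4321 reversal described above, as an added Python sketch (not code from the original post). The 9x9x9x9 booklet layout, the symbol set, the reading of "column" as a group of characters with the 4th digit picking a character inside it, and all function names are assumptions made for illustration.

```python
import secrets
import string

# Assumed layout (not from the post): 9 pages x 9 rows, each row holding
# 9 column groups of 9 characters, so every PIN digit 1-9 selects something.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"
PAGES = ROWS = GROUPS = GROUP_LEN = 9

def make_booklet():
    """Fill every row with characters from the OS CSPRNG (secrets, not random)."""
    row_len = GROUPS * GROUP_LEN
    return [["".join(secrets.choice(ALPHABET) for _ in range(row_len))
             for _ in range(ROWS)] for _ in range(PAGES)]

def start_position(pin):
    """1st digit -> page, 2nd -> row, 3rd -> column group, 4th -> character
    inside that group. Digits are 1-based on paper, 0-based in the result."""
    if len(pin) != 4 or not pin.isdigit() or "0" in pin:
        raise ValueError("PIN must be four digits, each 1-9")
    page, row, group, char = (int(d) - 1 for d in pin)
    return page, row, group * GROUP_LEN + char

def read_password(booklet, pin, length=8):
    """Read `length` characters from the PIN's start position, wrapping
    around to the beginning of the same row if the row runs out."""
    page, row, offset = start_position(pin)
    line = booklet[page][row]
    return "".join(line[(offset + i) % len(line)] for i in range(length))

def reversed_pin(pin):
    """The post's personal transform 1234 -> 4321, applied before the lookup."""
    return pin[::-1]

if __name__ == "__main__":
    book = make_booklet()                             # constructed sample booklet
    print(read_password(book, "1234"))                # plain positional lookup
    print(read_password(book, reversed_pin("1992")))  # birth year, reversed first
```

With the booklet itself in someone else's hands, what remains secret is the PIN and the choice of transformation: under this assumed layout a four-digit PIN gives 9^4 = 6,561 start positions per transformation rule.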

At first the method may seem slightly complicated. However, compared to a 6-20 character password containing letters, numbers, and symbols, it is much easier and maintains system security even with a physical compromise of a passcode booklet. Even if you don’t use the ideas directly, hopefully I have given you some ideas on maintaining complex password security on a scalable level. One can never be too secure, or underestimate the poor password choices of a user left to their own devices.

© Copyright 2015, All Rights Reserved