Ultra-secure passwords part II

This is mostly a followup to my original post on easily generating passwords from a mnemonic. It was prompted by a comment by Francesco Sullo advocating against the method, saying “If the attacker is a cryptoanalyst and he catch two of your generated “super secure” passwords (for example, because you login into his websites) he can easily discover your method in minutes.

The premise is false, and here’s why…

For an attacker to decipher the password, I either have to be using commonly known phrases or sentences from well known books (which I don’t) or the attacker needs to scan every book in print and out of print, which is quite unlikely. Mind you the text can even be a phrase, as demonstrated in my reply to him, which no attacker would ever hope of guessing unless it was made public at some point.

As a side note, I created a quick little utility that does the hard part. There’s ample room for improvement for sure, but it gets the point across that book cipher cryptography is only weak when the source is known.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s