Silk Road forums
Discussion => Security => Topic started by: Leapfrogger on August 16, 2013, 08:54 am
-
Okay, so you know how you can play a [slightly modified version of] "Mary Had a Little Lamb" on your phone using only the digits {1, 2, 3}?
"3212333222333..."
You can use other combinations of digits too ({4, 8, #}, for example), but the nature of your phone's dual-tone multi-frequency signaling only allows you to play melodies with up to three unique notes- four if you go vertical. Not a lot of possibilities there.
But look at the keyboard in front of you: you've got not three, not four, but ten digits lined up in a neat little row. Unlike the buttons on your phone, your computer keyboard doesn't produce audible pitches, but use your imagination. Let each digit correspond to one scale degree (≈ one note) and you can "play" a melody with as wide a range as the US national anthem:
"531358098345..."
Or the first verse of "Bohemian Rhapsody":
"33123333454322345432
333576668888864322..."
Or Maurice Ravel's "Ondine":
"75356753567608543514351348..."
Sequences of numbers (or letters, or symbols) derived from music are ideal for padding out passwords, because:
1) they're long
2) they're easy to memorize
3) they're unlikely to be found in a brute force attack dictionary (especially if the source music is obscure- hipsters have a distinct advantage here), and
4) they're actually kind of fun to type in.
Do with this what you will!
-
Sounds neat :)
Could you explain this a little further? I don't fully understand this.
It's a lovely thought though. "Darn it, what was my password again? Where's my guitar?" :)
cheers
-
Except that you published this here.
And now when LEO creates rainbowtable,s they'll keep this in mind.
You are not supposed to follow a pattern of any kind when making a password.
-
Sounds neat :)
Could you explain this a little further? I don't fully understand this.
It's a lovely thought though. "Darn it, what was my password again? Where's my guitar?" :)
cheers
Glad you found it interesting. :)
Basically, each note would be assigned a character. Which notes get which characters would be entirely up to you, as long as it makes sense to you and you won't forget your system.
So let's say A = 1, B = 2, C = 3. Then "Heart & Soul"- that duet that everybody plays on piano and goes like this:
"CCCCBABCDEEEEDCDEFGCAGFEDC"
...and would translate to:
"33332123455554345673876543"
You could then- *ahem*- "transpose it down a key" and get something like:
"EEEEWQWERTTTTRERTYUEIUYTRE"
Lots of options, lots of melodies. (I keep saying melodies because it's easy to think of examples, but any musical figure will do: bass lines, arpeggiations of a chord progression, guitar solos- anything you're able to remember.)
-
Except that you published this here.
And now when LEO creates rainbowtable,s they'll keep this in mind.
Even if the NSA after reading my post hires thousands of trained musicians and tasks them with transcribing every note of every instrument of every piece of music recorded in the last 150 years... Even if they track down the field recordings of the Tuvan throat singer from which I derived part of my password and enter it into their "rainbowtable,s"... Even then, all I have to do is append the name of my cat to my password and the NSA is back at square one. BOOM!
You are not supposed to follow a pattern of any kind when making a password.
Uh oh... you hear that, guys? No patterns of any kind allowed. LEO is onto patterns. The only safe password consists of a long, random, completely meaningless string of characters which you will memorize perfectly and forever and never write down. Good luck!
-
Except that you published this here.
And now when LEO creates rainbowtable,s they'll keep this in mind.
Even if the NSA after reading my post hires thousands of trained musicians and tasks them with transcribing every note of every instrument of every piece of music recorded in the last 150 years... Even if they track down the field recordings of the Tuvan throat singer from which I derived part of my password and enter it into their "rainbowtable,s"... Even then, all I have to do is append the name of my cat to my password and the NSA is back at square one. BOOM!
You are not supposed to follow a pattern of any kind when making a password.
Uh oh... you hear that, guys? No patterns of any kind allowed. LEO is onto patterns. The only safe password consists of a long, random, completely meaningless string of characters which you will memorize perfectly and forever and never write down. Good luck!
You sound mad. I'm not trying to start an argument.
I'm just saying it's insecure.
By the way, all the passwords I use are over 50 characters long, are completely random, and I memorise them all.
Yea. So I will memorize it perfectly and never write it down.
-
Patterns should be avoided when possible. They don't totally fuck you but they require you to remember more. There is absolutely no reason to remember a 50 character truly random password, anything more than 39 truly randomly generated ASCII characters is a waste of your memory since that is equal to a 256 bit random key which is what AES-256 uses anyway.
-
Patterns should be avoided when possible. They don't totally fuck you but they require you to remember more. There is absolutely no reason to remember a 50 character truly random password, anything more than 39 truly randomly generated ASCII characters is a waste of your memory since that is equal to a 256 bit random key which is what AES-256 uses anyway.
Who said anything about AES-256?
-
Music does not always use logical patterns, so I don't see the problem here. If you use Mozart, Bach etc, it's a different story since they quite strictly apply music theory which is an easy pattern to figure out.
I'll try and 'transpose' some dissonant arpeggios into a password tomorrow.
cheers
Edit: I forgot to thank you for your further explanation, Leapfrogger! As this happens to be my 100th post, you'll get my first Karma :)
-
Patterns should be avoided when possible. They don't totally fuck you but they require you to remember more. There is absolutely no reason to remember a 50 character truly random password, anything more than 39 truly randomly generated ASCII characters is a waste of your memory since that is equal to a 256 bit random key which is what AES-256 uses anyway.
Who said anything about AES-256?
I figured you are using no more than a 256 bit algorithm since it isn't very common for people to use more than that, usually people use AES, Serpent or Twofish with no more than 256 bit key. What are you using, Blowfish?
-
Patterns should be avoided when possible. They don't totally fuck you but they require you to remember more. There is absolutely no reason to remember a 50 character truly random password, anything more than 39 truly randomly generated ASCII characters is a waste of your memory since that is equal to a 256 bit random key which is what AES-256 uses anyway.
Who said anything about AES-256?
I figured you are using no more than a 256 bit algorithm since it isn't very common for people to use more than that, usually people use AES, Serpent or Twofish with no more than 256 bit key. What are you using, Blowfish?
Tripleblowfish + TEA + proprietary system.