Password Generating Principles: Method 2

December 24, 2016 | Views: 5932

Hello Cybrarians,

In the first article, I showed you a passphrase-generating method. In this second article, I would like to introduce you to another one, the password matrix. This type is an upgraded version of the ancient SATOR square. The original was used for mythological/mystical purposes and can be viewed in the Pompeii ruins.

The advanced version is basically a 16 by 16 matrix filled with randomly generated characters (upper- and lowercase alphanumeric), and is 256 bits in total.
An example (8×8 smaller version):

vwHSyfY4
k5r5pVH8
MpfdY2QC
KGmeJRcT
nj8PCgDH
P9nCW2xc
xfuJEw7E
zNwp8XWA

Usage:
You can either create a physical copy (etch it into a metal surface, print it out and laminate it, etc.) or convert it into an image and store it on your smart device. After securing an easily accessible copy, you have to think of a pattern, like an L shape, and pick a starting point. This way you only have to remember these two attributes.
Let’s say that, using the matrix above, you decide to use a simple N pattern, thus creating a 22-character password: “vkMKnPxzfnPe2H48CTHcEA”.
It has an entropy level of 114.4 bits and takes roughly 8.75 thousand trillion centuries to brute force assuming one hundred trillion guesses per second.
You are of course always free to use more intricate patterns such as a W or a double reverse Z, thus increasing password length and strength.
This method passes the 3-way identification requirements (property, knowledge, possession) and is a safe way to store your passwords unless you manage to lose the physical reproduction of the matrix (in which case you can create another one or make a new one from scratch).
As we saw, brute forcing is out of the question, the password is hard to guess (you have to try 256! (factorial) methods for the 16×16 version) and it is not vulnerable to dictionary-based attacks.
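
The procedure above as an added Python example (not code from the original article): it fills a matrix from the operating system's CSPRNG, reads an N pattern off the article's 8×8 matrix, and reproduces the brute-force estimate at one hundred trillion guesses per second. The function names and the exact cell order of the N (left column down, diagonal up, right column down) are assumptions made for this example.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols: upper, lower, digits

# The 8x8 example matrix printed in the article.
PAGE_MATRIX = [
    "vwHSyfY4", "k5r5pVH8", "MpfdY2QC", "KGmeJRcT",
    "nj8PCgDH", "P9nCW2xc", "xfuJEw7E", "zNwp8XWA",
]

def generate_matrix(size=16):
    """Build a size x size matrix using the OS CSPRNG (secrets, not random)."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(size))
            for _ in range(size)]

def n_path(size):
    """(row, col) cells of an N starting at the top-left corner (assumed order)."""
    left = [(r, 0) for r in range(size)]                    # left column, top to bottom
    diag = [(size - 1 - i, i) for i in range(1, size - 1)]  # diagonal, bottom-left to top-right
    right = [(r, size - 1) for r in range(size)]            # right column, top to bottom
    return left + diag + right

def read_pattern(matrix, path):
    """Concatenate the characters found along the path."""
    return "".join(matrix[r][c] for r, c in path)

def brute_force_centuries(length, guesses_per_second=1e14, alphabet=len(ALPHABET)):
    """Time to exhaust every string of 1..length symbols, in centuries."""
    space = sum(alphabet ** n for n in range(1, length + 1))
    return space / guesses_per_second / (365.25 * 24 * 3600 * 100)

if __name__ == "__main__":
    password = read_pattern(PAGE_MATRIX, n_path(8))
    print(password, len(password))
    print(f"{brute_force_centuries(len(password)):.3g} centuries to exhaust")
    for row in generate_matrix(16):   # a fresh 16x16 matrix to print or store
        print(row)
```

Traced this way, the N over the article's matrix reads vkMKnPxzfnPJ2H48CTHcEA: the straight diagonal crosses the fourth row at J, where the article's string has the neighbouring e.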

Thank you for your attention, and as always, feedback is much appreciated!


Links:
Sator square: https://en.wikipedia.org/wiki/Sator_Square

Shannon entropy: https://en.wikipedia.org/wiki/Entropy_%28information_theory%29

Bruteforce time calculator: https://www.grc.com/haystack.html

Password strength meter: http://rumkin.com/tools/password/passchk.php
