Hello Cybrarians,

In the first article, I showed you a passphrase-generating method. In this second article, I would like to introduce you to another one: the password matrix. This type is an upgraded version of the ancient SATOR square. The original was used for mythological/mystical purposes and can be viewed in the Pompeii ruins.

The advanced version is basically a 16 by 16 matrix, filled with randomly generated characters (upper- and lowercase alphanumerical), and in total is 256 bits.

An example (8x8 smaller version):

vwHSyfY4
k5r5pVH8
MpfdY2QC
KGmeJRcT
nj8PCgDH
P9nCW2xc
xfuJEw7E
zNwp8XWA

Usage:

You can either create a physical copy (etch it into a metal surface, print it out and laminate it, etc.) or convert it into an image and store it on your smart device. After securing an easily accessible copy, you have to think of a pattern, like an L shape, and pick a starting point. This way you only have to remember these two attributes.

Let's say, using the matrix above, you decide to use a simple N pattern, thus creating a 22-character password: "vkMKnPxzfnPe2H48CTHcEA".

It has an entropy level of 114.4 bits and takes roughly 8.75 thousand trillion centuries to brute force, assuming one hundred trillion guesses per second.

You are of course always free to use more intricate patterns like W, double reverse Z and such, thus increasing password length and strength.

This method passes the 3-way identification requirements (property, knowledge, possession) and is a safe way to store your passwords unless you manage to lose the physical reproduction of the matrix (in which case you can create another one or make a new one from scratch).

As we saw, brute forcing is out of the question, the password is hard to guess (you have to try 256! (factorial) methods for the 16x16 version) and it is not vulnerable to dictionary-based attacks.
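The usage steps above (a randomly generated grid, a remembered pattern and a starting point), as an added Python example that is not from the original article: it builds the 16x16 grid from the operating system's CSPRNG and reads an L-shaped password from the article's 8x8 sample. The function names, the segment encoding and the direction of the L (down, then right) are assumptions made for this illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 upper/lowercase alphanumerics

# The 8x8 sample matrix from the article, one string per row.
PAGE_MATRIX = ["vwHSyfY4", "k5r5pVH8", "MpfdY2QC", "KGmeJRcT",
               "nj8PCgDH", "P9nCW2xc", "xfuJEw7E", "zNwp8XWA"]


def generate_matrix(size=16):
    """Build a size x size grid; secrets draws from the OS CSPRNG, unlike random."""
    return ["".join(secrets.choice(ALPHABET) for _ in range(size))
            for _ in range(size)]


def walk(matrix, start, segments):
    """Read the start cell, then follow (d_row, d_col, steps) segments.

    Raises ValueError if the path leaves the grid, so a mistyped pattern
    fails loudly instead of wrapping around or silently truncating.
    """
    size = len(matrix)
    row, col = start
    if not (0 <= row < size and 0 <= col < size):
        raise ValueError(f"start {start} is outside the {size}x{size} grid")
    chars = [matrix[row][col]]
    for d_row, d_col, steps in segments:
        for _ in range(steps):
            row, col = row + d_row, col + d_col
            if not (0 <= row < size and 0 <= col < size):
                raise ValueError(f"pattern leaves the grid at ({row}, {col})")
            chars.append(matrix[row][col])
    return "".join(chars)


def l_shape(matrix, row, col):
    """Assumed L: straight down from (row, col) to the bottom row, then right."""
    size = len(matrix)
    return walk(matrix, (row, col), [(1, 0, size - 1 - row), (0, 1, size - 1 - col)])


if __name__ == "__main__":
    print(l_shape(PAGE_MATRIX, 0, 0))      # L from the top-left of the sample
    for line in generate_matrix():          # fresh 16x16 grid to print or etch
        print(line)
```

Other patterns are expressed the same way, as a start cell plus a list of direction segments passed to `walk`.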
Thank you for your attention, and as always, feedback is much appreciated!
Sator square: https://en.wikipedia.org/wiki/Sator_Square
Shannon entropy: https://en.wikipedia.org/wiki/Entropy_%28information_theory%29
Bruteforce time calculator: https://www.grc.com/haystack.html
Password strength meter: http://rumkin.com/tools/password/passchk.php