1. 15

While not the title, it is a neat quote from the post. Original title seems too long for Lobsters: “Strong, easy, brain based cryptography and password management. QWERTY keyboard required; smarts optional”


  2. 5

    Example of a random cyclic permutation: g = “m1;zj/ycthkduwn98ae7.s65oirb2q34,pgvfxl0” This provides 159 bits of entropy. It is astonishingly easy to recall the next letter for any given letter in the sequence.

    Citation needed? If that string is astonishingly easy to memorize, I’m terrified to imagine what a mildly challenging key would look like.

    1. 3

      I am also confused, but intrigued at the same time, so I asked some basic questions (waiting for reply).

      1. 2

        I think they mean that you memorize the permutation algorithm, and the table to look things up on. Based on those two pieces of information, you can generate the key. Then, using the same table, to ‘encrypt’ something, you take your message, line it up with your ‘key’, and ‘add’ the two values together using that same table.

        Basically it’s akin to an XOR cipher, I think; with a trick for generating the key in a pseudorandom way, and ‘XOR’ here being defined as this table-based addition.

        For instance, that key is ‘astonishingly easy’ to memorize, because the last letter of the key + the values of the left/right shift and up/down shift on that table are either easily memorized (being simple constants), or readily provided to the cipher-key holder.

        It does have at least two obvious vulnerabilities. 1. The generated cipher key will be cyclic, meaning (since this is a sort of substitution cipher), it’s vulnerable to all the usual problems of that kind of cipher with a non-OTP key; and 2. If anyone ever gets a hand on consecutive chunks of the key, they could feasibly deduce the hidden values with some statistical analysis.

        I’m no cryptographer, though, so I might be wrong.

        1. 1

          I’m somewhat confused about the security claim here. I want to send you a message. This requires that we share a prearranged secret. Ok, no problem, that’s how it is. The claim is that this offers 159 bits of entropy (security). By necessity, this means we pre share 159 bits. What are they?

          1. 1

            I think the content of the algorithm, the secret values that plug into that algorithm, and the table contain those bits (but IANA Information theorist).

            Actually, tbh, I think the claim is simply false. The previous is simply an optimistic accounting. In reality, you’re not sharing 159 bits of entropy, you’re sharing a pseudorandom key generated by a (relatively weak) algorithm. It just looks like there are that many.

            1. 1

              Log2(40!) is indeed 159. But this does require the string to be generated from all permutations.
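Added example, not part of any comment in this thread or of the linked post: it reads the quoted key `g` as a next-symbol table, checks that it forms one 40-symbol cycle, and compares the size of the two key spaces the entropy figure could refer to. The function names and the use of Sattolo's algorithm to draw a key are assumptions of this example, not the post's method.

```python
import math
import secrets

# Key quoted in the thread; each symbol's successor is the next one, wrapping around.
G = "m1;zj/ycthkduwn98ae7.s65oirb2q34,pgvfxl0"
ALPHABET = sorted(G)  # the 40 symbols: a-z, 0-9 and ; / . ,

def successor_map(cycle):
    """Turn a cycle written as a string into a symbol -> next-symbol table."""
    return {c: cycle[(i + 1) % len(cycle)] for i, c in enumerate(cycle)}

def is_single_cycle(succ):
    """True if following succ from one symbol visits every symbol exactly once."""
    start = next(iter(succ))
    seen, cur = set(), start
    while cur not in seen:
        seen.add(cur)
        cur = succ[cur]
    return cur == start and len(seen) == len(succ)

def random_cycle(symbols):
    """Sattolo's algorithm with a CSPRNG: uniform over the (n-1)! single cycles."""
    items = list(symbols)
    for i in range(len(items) - 1, 0, -1):
        j = secrets.randbelow(i)  # j < i strictly, which forces one big cycle
        items[i], items[j] = items[j], items[i]
    return dict(zip(symbols, items))

def key_space_bits(n):
    """log2 of the number of keys for an n-symbol alphabet, under both readings."""
    return {
        "all_permutations": math.log2(math.factorial(n)),   # n! orderings
        "single_cycles": math.log2(math.factorial(n - 1)),  # (n-1)! distinct cycles
    }

if __name__ == "__main__":
    print("g is one cycle over", len(successor_map(G)), "symbols:",
          is_single_cycle(successor_map(G)))
    for name, b in key_space_bits(len(G)).items():
        print(f"{name}: {b:.1f} bits")
    fresh = random_cycle(ALPHABET)
    print("fresh key is one cycle:", is_single_cycle(fresh))
```

Either figure only holds when the key is drawn uniformly at random from that space, which is the condition the comment above points out.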

      2. 1

        Is there a way to generate a list of pseudorandom numbers from a body of text that isn’t at risk for frequency analysis? If that’s the case you could modulo sum your easy to remember password with the random stream provided from your favorite book and get all kinds of garbled stuff.