[clug] Passwords [SEC=UNCLASSIFIED]
Sam Couter
sam at couter.id.au
Mon Aug 27 06:37:19 MDT 2012
Ellis, Peter MR <peter.ellis at defence.gov.au> wrote:
> Okay, let's get semi-technical military.
>
> A. The military sometimes uses a "one-time pad" system for simple operational security (OPSEC), involving a "covered vector" (COVEC).
Interesting that you mentioned this.
No good for passwords, but a securely generated and transmitted one-time
pad is considered the only form of encryption that's invulnerable to
cryptanalysis.
So, now we only have to solve the problem of securely generating and
transmitting the one-time pad. Easy, right?
> B. The other one I'll discuss: safe grids. Safes have numbers to open them, but people typically 'invent' a word or phrase then convert this to the numbers. A grid might look like this, or be 'slewed' (started down) by several lines.
>
> 1 ABC wx
> 2 DEF yz
> 3 GHI abc
> 4 JKL def
> 5 MN ghi
> 6 OP jk
> 7 QRS lmn
> 8 TU opq
> 9 VW rst
> 0 XYZ uv
>
> e.g.
> CAPTURE = 1168872
> capture = 3389094
> CaptUre = 1389894
This is vulnerable to very primitive cryptanalysis. It's okay for kids
passing notes in class but no good for anything more serious.
--
Sam Couter | mailto:sam at couter.id.au
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/linux/attachments/20120827/19a51230/attachment-0001.pgp>
More information about the linux
mailing list