Proposal - memorizing simple passwords which are hard to crack - cypherpunks

newer
Happy Holidays 2021

Proposal - memorizing simple passwords which are hard to crack

Stefan Claas

23 Dec 2021 23 Dec '21

5:57 p.m.

Hi all, https://groups.google.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w Hope you like it and wish all ML members a happy Holidays season. Regards Stefan

Show replies by date

Punk-BatSoup-Stasi 2.0

23 Dec 23 Dec

6:52 p.m.

...

https://groups.JOOGLE.com/

thank you for spamming advertising for the pieces of jew, non-human shit from joogle. as to memorizing passwords, yeah, use a bunch of random words. It works well.

Stefan Claas

24 Dec 24 Dec

6:03 p.m.

On Thu, Dec 23, 2021 at 6:57 PM Stefan Claas wrote:

...

Hi all,

https://groups.google.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w

Hope you like it and wish all ML members a happy Holidays season.

https://github.com/sac001/ms Regards Stefan

Punk-BatSoup-Stasi 2.0

7:04 p.m.

On Fri, 24 Dec 2021 19:03:41 +0100 Stefan Claas wrote:

...

...
https://groups.JOOGLE.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w

...

https://MICROSHIT.com/sac001/ms

Ok, here's Stefan's message NOT HOSTED by JEW NAZIS (yes, github is microshit which in turn is controlled by JEW NAZI ballmer) "

...

Yes, I am aware of that, but how can one memorize a key when traveling and not taking any devices with him?

If you pick your random password out of base64-characters (basically lower case letters, upper case letters, numbers and 2 symbols), 20 characters give you 120 bits of entropy. Make them into 5 groups of 4 characters and make a short story for each of those 5 groups. That's 2 hours of work for as much password as you will ever need for the rest of your life. That's what I call a good investment. You can derive any real password you ever need from this master password." That doesn't sound like a good idea. Remembering a set of random words is a lot easier.

Stefan Claas

8:16 p.m.

On Fri, Dec 24, 2021 at 8:00 PM Punk-BatSoup-Stasi 2.0 wrote:

...

On Fri, 24 Dec 2021 19:03:41 +0100 Stefan Claas wrote:

...
...
https://groups.JOOGLE.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w

...
https://MICROSHIT.com/sac001/ms

Ok, here's Stefan's message NOT HOSTED by JEW NAZIS (yes, github is microshit which in turn is controlled by JEW NAZI ballmer)

"

...
Yes, I am aware of that, but how can one memorize a key when traveling and not taking any devices with him?

If you pick your random password out of base64-characters (basically lower case letters, upper case letters, numbers and 2 symbols), 20 characters give you 120 bits of entropy. Make them into 5 groups of 4 characters and make a short story for each of those 5 groups. That's 2 hours of work for as much password as you will ever need for the rest of your life. That's what I call a good investment. You can derive any real password you ever need from this master password."

That doesn't sound like a good idea. Remembering a set of random words is a lot easier.

Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words. Regards Stefan

Punk-BatSoup-Stasi 2.0

9:56 p.m.

On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...

Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

...

Regards Stefan

Stefan Claas

10:47 p.m.

On Fri, Dec 24, 2021 at 10:52 PM Punk-BatSoup-Stasi 2.0 wrote:

...

On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...
Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

The thing with the 'story' is that you make up a long sentence where each word starts with the respective letter or in case of digits say, 6 you use the word six. Once you have such a long sentence, you can memorize it the same as you did in School, when learning a (long) poem. Regards Stefan

Punk-BatSoup-Stasi 2.0

25 Dec 25 Dec

12:37 a.m.

On Fri, 24 Dec 2021 23:47:35 +0100 Stefan Claas wrote:

...

On Fri, Dec 24, 2021 at 10:52 PM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...
Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

The thing with the 'story' is that you make up a long sentence where each word starts with the respective letter or in case of digits say, 6 you use the word six.

Oh, ok that sound fine. And how do you encode upper/lower case?

...

Once you have such a long sentence, you can memorize it the same as you did in School, when learning a (long) poem.

Regards Stefan

Stefan Claas

8:42 a.m.

On Sat, Dec 25, 2021 at 1:33 AM Punk-BatSoup-Stasi 2.0 wrote:

...

On Fri, 24 Dec 2021 23:47:35 +0100 Stefan Claas wrote:

...
On Fri, Dec 24, 2021 at 10:52 PM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...
Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

The thing with the 'story' is that you make up a long sentence where each word starts with the respective letter or in case of digits say, 6 you use the word six.

Oh, ok that sound fine. And how do you encode upper/lower case?

In German, we have uppercase and lowercase words and I should better add this to the README. Regards Stefan

Stefan Claas

9:07 a.m.

On Sat, Dec 25, 2021 at 9:42 AM Stefan Claas wrote:

...

On Sat, Dec 25, 2021 at 1:33 AM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 23:47:35 +0100 Stefan Claas wrote:

...
On Fri, Dec 24, 2021 at 10:52 PM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...
Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

The thing with the 'story' is that you make up a long sentence where each word starts with the respective letter or in case of digits say, 6 you use the word six.

Oh, ok that sound fine. And how do you encode upper/lower case?

In German, we have uppercase and lowercase words and I should better add this to the README.

P.S. IIRC the author once said, for English, that one can use lowercase letters for words that are smaller than a toaster and for uppercase things that are larger than a toaster. That such sentences are always nonsense in their meaning should be clear, which should make guessing harder, but not memorizing. Regards Stefan

Punk-BatSoup-Stasi 2.0

4:17 p.m.

On Sat, 25 Dec 2021 09:42:53 +0100 Stefan Claas wrote:

...

On Sat, Dec 25, 2021 at 1:33 AM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 23:47:35 +0100 Stefan Claas wrote:

...
On Fri, Dec 24, 2021 at 10:52 PM Punk-BatSoup-Stasi 2.0 wrote:

...
On Fri, 24 Dec 2021 21:16:21 +0100 Stefan Claas wrote:

...
Well, you can do that too, but I prefer his method because in the past I had problems to remember diceware words.

My guess then is that you will have more problems remembering random chars.

The thing with the 'story' is that you make up a long sentence where each word starts with the respective letter or in case of digits say, 6 you use the word six.

Oh, ok that sound fine. And how do you encode upper/lower case?

In German, we have uppercase and lowercase words and I should better add this to the README.

Ah yes. Nouns. Die Sonne. Die Welt. I didn't assume the method was tied to a particular language (or its spelling)

...

Regards Stefan

grarpamp

2:57 a.m.

...

...
https://groups.google.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w https://github.com/sac001/ms

Length 8 truly random chars from range [a-z0-9] yields 108 bit, 9 yields 114, 10 yields 119, 11 yields 124, 12 beats AES at 129. One's ability to remember decreases rapidly with the length X range of random things involved, these large multiples are easily forgotten, same with randomly generated stories, random strings, etc. Whitepapers that you can find and post may discuss the memory sweet spot tradeoff between length and range. Length is difficult. The world is full of books and other reliably duplicated distributed and stored media. book xor page xor brainphrase ~= only 3 elements, yet can yield quite a bit more retrievable memorable and portable entropy than expected, to which user can also add in elements such as markov window, substitution / ROT-n, translation, etc... 5 to 6 elements. You may also find and post papers estimating that.

Stefan Claas

8:49 a.m.

On Sat, Dec 25, 2021 at 3:57 AM grarpamp wrote:

...

...
...
https://groups.google.com/g/alt.privacy.anon-server/c/IrBgFHsLu0w https://github.com/sac001/ms

Length 8 truly random chars from range [a-z0-9] yields 108 bit, 9 yields 114, 10 yields 119, 11 yields 124, 12 beats AES at 129.

One's ability to remember decreases rapidly with the length X range of random things involved, these large multiples are easily forgotten, same with randomly generated stories, random strings, etc. Whitepapers that you can find and post may discuss the memory sweet spot tradeoff between length and range. Length is difficult.

Yes, understand, but remembering a 'story' is IHMO the same as remembering a poem we've learned at school.

...

The world is full of books and other reliably duplicated distributed and stored media. book xor page xor brainphrase ~= only 3 elements, yet can yield quite a bit more retrievable memorable and portable entropy than expected, to which user can also add in elements such as markov window, substitution / ROT-n, translation, etc... 5 to 6 elements. You may also find and post papers estimating that.

Thanks, I have to read more about this topic. Regards Stefan

grarpamp

26 Dec 26 Dec

1:01 a.m.

Oops, wrong table, actually... The range [a-z0-9] yields... 8c = 41b , 13c = 64b , 16c = 80b ... 25c = 128b The range of 95 printable chars yields... 8c = 52b , 10c = 64b , 13c = 80b ... 20c = 128b Obviously peoples's 8 char constructs are often worse than that, and few users will remember the 20+ random chars required to match 128bit crypto. /usr/dict/words has roughly 220-250k entries, which is a much larger range that people think is great since now only 8 things (not 20+) are needed to beat 128 bits... 8w = 128b , 15w = 256b Until they realize that memorizing even 8 drafted at true random from that can potentially be difficult... f=words ; for w in $(jot 8 1) ; do echo -n "$w:" ; l=$(jot -r 1 1 $(wc -l $f | awk '{print $1}')) ; grep -n . $f | grep "^$l:" ; done | sed 's,:.*:,:,' 1:philologue 2:hypermakroskelic 3:misogynic 4:Platycercus 5:unapprehensiveness 6:stare 7:Hippolytidae 8:henotheism So they start trying to cut the range down in various ways, often by regenerating until they get something they like which is really composed of a much smaller virtual brain range, or by ways like using from only the 4 to 8 char word size... f=words ; for s in $(jot $(wc -L $f | awk '{print $1}') 1) ; do echo -n "$s:" ; egrep "^.{$s}$" $f | wc -l ; done | grep '^[4-8]:' [snip] Which leaves a range of roughly 85k words, which when combined with other cuts "sensemaking" and "memory easing", will remove available entropy, thus driving up the word count needed to match 128 bit equivalence. 12 words randomly chosen from the 1700 most popular words will yield 128 bits, 13 from 1000, 11 from 3200, 8 from 66000, etc. It's assumed no one has ever cracked 128-bit anything, so less than that might still be available, for lifetime purposes, by seeing if whatever has been cracked to date, plus a nice safety margin of say 32 bits or whatever bumps it out beyond need.

...

Yes, understand, but remembering a 'story' is IHMO the same as remembering a poem we've learned at school.

Not necessarily because to actually achieve the expected entropy the "made-up story" must be unlimited to choosing words which can represent the random chars, from a sizable range, which can yield a degree of nonsense. Human language is not random, it is constrained to using only words and structures that make sense, thus we have books, and to lesser sense art such as poem, lyric, etc. Then there are... https://www.youtube.com/watch?v=9X0F1Qjn0Ac Things you never see And things Ratboi says like... "As soon as I put this hot poker in my ass I'm going to chop my dick off!" But since he already said and did that, best not use it as a passphrase. And now with AI able to assemble words according to human language structures, and dump them through ASIC powered crack engines, relying only on simplistic made-up stories might not be sufficient either. For example, if your respective substitution range is only 95 words, you need 20+, same as if your story is kinder-school level. Beating the machines requires modelling combinations of a variety of elements and calculating estimates of the real entropy expected from what methods are being used. Quantum or not, entropy is hard for the human brain to manage. A few people have more luck than others... https://www.recordholders.org/en/list/memory.html And after a good run in with Dr. Rubberhose, you might not even remember your name.

grarpamp

1:57 a.m.

The worlds longest insult... You swine. You vulgar little maggot. You worthless bag of filth. As they say in Texas. I'll bet you couldn't pour piss out of a boot with instructions on the heel. You are a canker. A sore that won't go away. I would rather kiss a lawyer than be seen with you. You're a putrescent mass, a walking vomit. You are a spineless little worm deserving nothing but the profoundest contempt. You are a jerk, a cad, a weasel. Your life is a monument to stupidity. You are a stench, a revulsion, a big suck on a sour lemon. You are a bleating foal, a curdled staggering mutant dwarf smeared richly with the effluvia and offal accompanying your alleged birth into this world. An insensate, blinking calf, meaningful to nobody, abandoned by the puke-drooling, giggling beasts who sired you and then killed themselves in recognition of what they had done. I will never get over the embarrassment of belonging to the same species as you. You are a monster, an ogre, a malformation. I barf at the very thought of you. You have all the appeal of a paper cut. Lepers avoid you. You are vile, worthless, less than nothing. You are a weed, a fungus, the dregs of this earth. And did I mention you smell? Try to edit your responses of unnecessary material before attempting to impress us with your insight. The evidence that you are a nincompoop will still be available to readers, but they will be able to access it more rapidly. You snail-skulled little rabbit. Would that a hawk pick you up, drive its beak into your brain, and upon finding it rancid set you loose to fly briefly before spattering the ocean rocks with the frothy pink shame of your ignoble blood. May you choke on the queasy, convulsing nausea of your own trite, foolish beliefs. You are weary, stale, flat and unprofitable. You are grimy, squalid, nasty and profane. You are foul and disgusting. You're a fool, an ignoramus. Monkeys look down on you. Even sheep won't have sex with you. You are unreservedly pathetic, starved for attention, and lost in a land that reality forgot. And what meaning do you expect your delusional self-important statements of unknowing, inexperienced opinion to have with us? What fantasy do you hold that you would believe that your tiny-fisted tantrums would have more weight than that of a leprous desert rat, spinning rabidly in a circle, waiting for the bite of the snake? You are a waste of flesh. You have no rhythm. You are ridiculous and obnoxious. You are the moral[size] equivalent of a leech. You are a living emptiness, a meaningless void. You are sour and senile. You are a disease, you puerile one-handed slack-jawed drooling meat slapper. On a good day you're a half-wit. You remind me of drool. You are deficient in all that lends character. You have the personality of wallpaper. You are dank and filthy. You are asinine and benighted. You are the source of all unpleasantness. You spread misery and sorrow wherever you go. You smarmy lager lout git. You bloody woofter sod. Bugger off, pillock. You grotty wanking oink artless base-court apple-john. You clouted boggish foot-licking twit. You dankish clack-dish plonker. You gormless crook-pated tosser. You churlish boil-brained clotpole ponce. You cockered bum-bailey poofter. You craven dewberry pisshead cockup pratting naff. You gob-kissing gleeking flap-mouthed coxcomb. You dread-bolted fobbing beef-witted clapper-clawed flirt-gill. You are a fiend and a coward, and you have bad breath. You are degenerate, noxious and depraved. I feel debased just for knowing you exist. I despise everything about you, and I wish you would go away. I cannot believe how incredibly stupid you are. I mean rock-hard stupid. Dehydrated-rock-hard stupid. Stupid so stupid that it goes way beyond the stupid we know into a whole different dimension of stupid. You are trans-stupid stupid. Meta-stupid. Stupid collapsed on itself so far that even the neutrons have collapsed. Stupid gotten so dense that no intellect can escape. Singularity stupid. Blazing hot mid-day sun on Mercury stupid. You emit more stupid in one second than our entire galaxy emits in a year. Quasar stupid. Your writing has to be a troll. Nothing in our universe can really be this stupid. Perhaps this is some primordial fragment from the original big bang of stupid. Some pure essence of a stupid so uncontaminated by anything else as to be beyond the laws of physics that we know. I'm sorry. I can't go on. This is an epiphany of stupid for me. After this, you may not hear from me again for a while. I don't have enough strength left to deride your ignorant questions and half baked comments about unimportant trivia, or any of the rest of this drivel. Duh. The only thing worse than your logic is your manners. I have snipped away most of what you wrote, because, well... it didn't really say anything. Your attempt at constructing a creative flame was pitiful. I mean, really, stringing together a bunch of insults among a load of babbling was hardly effective... Maybe later in life, after you have learned to read, write, spell, and count, you will have more success. True, these are rudimentary skills that many of us "normal" people take for granted that everyone has an easy time of mastering. But we sometimes forget that there are "challenged" persons in this world who find these things more difficult. If I had known that this was your case then I would have never read your post. It just wouldn't have been "right". Sort of like parking in a handicap space. I wish you the best of luck in the emotional, and social struggles that seem to be placing such a demand on you. P.S.: You are hypocritical, greedy, violent, malevolent, vengeful, cowardly, deadly, mendacious, meretricious, loathsome, despicable, belligerent, opportunistic, barratrous, contemptible, criminal, fascistic, bigoted, racist, sexist, avaricious, tasteless, idiotic, brain-damaged, imbecilic, insane, arrogant, deceitful, demented, lame, self-righteous, byzantine, conspiratorial, satanic, fraudulent, libelous, bilious, splenetic, spastic, ignorant, clueless, illegitimate, harmful, destructive, dumb, evasive, double-talking, devious, revisionist, narrow, manipulative, paternalistic, fundamentalist, dogmatic, idolatrous, unethical, cultic, diseased, suppressive, controlling, restrictive, malignant, deceptive, dim, crazy, weird, dystopic, stifling, uncaring, plantigrade, grim, unsympathetic, jargon-spouting, censorious, secretive, aggressive, mind-numbing, arassive, poisonous, flagrant, self-destructive, abusive, socially-retarded, puerile, clueless, and generally NOT GOOD.

Stefan Claas

9:31 a.m.

On Sun, Dec 26, 2021 at 2:02 AM grarpamp wrote:

...

Oops, wrong table, actually...

The range [a-z0-9] yields... 8c = 41b , 13c = 64b , 16c = 80b ... 25c = 128b

The range of 95 printable chars yields... 8c = 52b , 10c = 64b , 13c = 80b ... 20c = 128b

Obviously peoples's 8 char constructs are often worse than that, and few users will remember the 20+ random chars required to match 128bit crypto.

/usr/dict/words has roughly 220-250k entries, which is a much larger range that people think is great since now only 8 things (not 20+) are needed to beat 128 bits... 8w = 128b , 15w = 256b

Until they realize that memorizing even 8 drafted at true random from that can potentially be difficult...

f=words ; for w in $(jot 8 1) ; do echo -n "$w:" ; l=$(jot -r 1 1 $(wc -l $f | awk '{print $1}')) ; grep -n . $f | grep "^$l:" ; done | sed 's,:.*:,:,'

1:philologue 2:hypermakroskelic 3:misogynic 4:Platycercus 5:unapprehensiveness 6:stare 7:Hippolytidae 8:henotheism

So they start trying to cut the range down in various ways, often by regenerating until they get something they like which is really composed of a much smaller virtual brain range, or by ways like using from only the 4 to 8 char word size...

f=words ; for s in $(jot $(wc -L $f | awk '{print $1}') 1) ; do echo -n "$s:" ; egrep "^.{$s}$" $f | wc -l ; done | grep '^[4-8]:'

[snip]

Which leaves a range of roughly 85k words, which when combined with other cuts "sensemaking" and "memory easing", will remove available entropy, thus driving up the word count needed to match 128 bit equivalence.

12 words randomly chosen from the 1700 most popular words will yield 128 bits, 13 from 1000, 11 from 3200, 8 from 66000, etc.

It's assumed no one has ever cracked 128-bit anything, so less than that might still be available, for lifetime purposes, by seeing if whatever has been cracked to date, plus a nice safety margin of say 32 bits or whatever bumps it out beyond need.

...
Yes, understand, but remembering a 'story' is IHMO the same as remembering a poem we've learned at school.

Not necessarily because to actually achieve the expected entropy the "made-up story" must be unlimited to choosing words which can represent the random chars, from a sizable range, which can yield a degree of nonsense. Human language is not random, it is constrained to using only words and structures that make sense, thus we have books, and to lesser sense art such as poem, lyric, etc.

Then there are... https://www.youtube.com/watch?v=9X0F1Qjn0Ac Things you never see And things Ratboi says like... "As soon as I put this hot poker in my ass I'm going to chop my dick off!" But since he already said and did that, best not use it as a passphrase.

And now with AI able to assemble words according to human language structures, and dump them through ASIC powered crack engines, relying only on simplistic made-up stories might not be sufficient either. For example, if your respective substitution range is only 95 words, you need 20+, same as if your story is kinder-school level.

Beating the machines requires modelling combinations of a variety of elements and calculating estimates of the real entropy expected from what methods are being used.

Quantum or not, entropy is hard for the human brain to manage. A few people have more luck than others...

https://www.recordholders.org/en/list/memory.html

Sorry for the full quote, and thanks for your detailed reply. Much appreciated!

...

And after a good run in with Dr. Rubberhose, you might not even remember your name.

As you may know, Dr. Rubberhose and his team have only valid work permits for the United States and the United Kingdom ... Regards Stefan

999

Age (days ago)

1002

Last active (days ago)

List overview

Download

15 comments

3 participants

participants (3)

grarpamp
Punk-BatSoup-Stasi 2.0
Stefan Claas