A
A
andrew_tch2016-01-25 23:27:47
Passwords
andrew_tch, 2016-01-25 23:27:47

What dynamic password systems do you know?

Hi all!
Prompt a system for dynamic password generation, depending on the resource, with the requirements:

  • resistance to algorithm disclosure
  • Ability to generate several different passwords for the same resource
  • Lack of external means of encryption (cipher pad, phone)
  • The impossibility (well, at least at first glance) of recovering the algorithm from a leaked password

Or suggest articles on this topic. A cursory google didn't help.
Thank you!

Answer the question

In order to leave comments, you need to log in

4 answer(s)
N
nirvimel, 2016-01-25
@nirvimel

dynamic_key_for_url = md5(your_secret_key + resource_url + password_variant_index)

Yes.
The variable password_variant_indexspecifies the password slot number for a specific resource.
Any computing device will do: PC, laptop, tablet, phone (or pen + paper + half an hour of time).
This is impossible at first, second and 100500th glance.

A
Andrew, 2016-01-26
@OLS

What you want with more or less serious cryptographic strength is called a hand cipher or playing card cipher and still requires either a pen with a notepad or a deck of playing cards.
Your task seems simpler to me. For a sample, I propose the following technique (modify it to your taste, just do not lose the information capacity of the password):
1) each letter of the Latin alphabet is assigned uniformly numbers from 1 to 9 - you can alphabetically, or you can, for example, based on a 101-key qwerty- keyboards - looking up the columns (1-QAZ, 2-WSX, etc.);
2) from the name of the site for which you create a password, leave only the second-level domain and multiply by repetition (or truncate) mentally to N + 1 characters, where N is the desired password length; for example, for gmail.com and an 8-character password, we get "gmailgmai"
3) over each pair of adjacent domain characters (starting from the first pair of "gm"):
- replace with the numbers described in paragraph 1 - (5; 7),
- if the first digit is even - add 1,
- if you wish, you can add the serial number of the generated password for this site to the second digit;
- multiply (35);
- take the remainder of dividing by 10 (5) and either use it as a password, or replace it with a letter according to the same rule (for example, the first one under "5" - "t").
If you do not want repetitions inside the password for short domains, take from the moment of repetition not the first but the second letter in the column, etc.
Total:
gm - 5; 7 - 35 - 5 - t
ma - 7; 1 - 7 - 7 - u
ai - 1; 8 - 8 - 8 - i
il - 8; 9 - 9; 9 - 81 - 1 - q
lg - 9;5 - 45 - 5 - t
gm - 5;7 - 35 - 5 - g
ma - 7;1 - 7 - 7 - j
ai - 1;8 - 8 - 8 - k
"tuiqtgjk"
So the scheme imagine quite realistically. But is it worth such calculations in your head?

A
Askar A, 2016-01-26
@clear_book

I thought to write "Keepass", but it turns out that it is much more difficult to answer here))

dynamic password generation system,
Do you mean a system with an encryption algorithm that only you can decrypt? If so, you'd better find a book. Although what I advise most likely the first answers will suit you)

A
andrew_tch, 2016-01-26
@andrew_tch

There are legends that there are people who invent passwords in their head in a finite time (2-3 seconds).

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question