What dynamic password systems do you know?

A

andrew_tch2016-01-25 23:27:47

Passwords

andrew_tch, 2016-01-25 23:27:47

Hi all!
Prompt a system for dynamic password generation, depending on the resource, with the requirements:

resistance to algorithm disclosure
Ability to generate several different passwords for the same resource
Lack of external means of encryption (cipher pad, phone)
The impossibility (well, at least at first glance) of recovering the algorithm from a leaked password

Or suggest articles on this topic. A cursory google didn't help.
Thank you!

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

N

nirvimel, 2016-01-25
@nirvimel

dynamic_key_for_url = md5(your_secret_key + resource_url + password_variant_index)

Yes.
The variable password_variant_indexspecifies the password slot number for a specific resource.
Any computing device will do: PC, laptop, tablet, phone (or pen + paper + half an hour of time).
This is impossible at first, second and 100500th glance.

A

Andrew, 2016-01-26
@OLS

What you want with more or less serious cryptographic strength is called a hand cipher or playing card cipher and still requires either a pen with a notepad or a deck of playing cards.
Your task seems simpler to me. For a sample, I propose the following technique (modify it to your taste, just do not lose the information capacity of the password):
1) each letter of the Latin alphabet is assigned uniformly numbers from 1 to 9 - you can alphabetically, or you can, for example, based on a 101-key qwerty- keyboards - looking up the columns (1-QAZ, 2-WSX, etc.);
2) from the name of the site for which you create a password, leave only the second-level domain and multiply by repetition (or truncate) mentally to N + 1 characters, where N is the desired password length; for example, for gmail.com and an 8-character password, we get "gmailgmai"
3) over each pair of adjacent domain characters (starting from the first pair of "gm"):
- replace with the numbers described in paragraph 1 - (5; 7),
- if the first digit is even - add 1,
- if you wish, you can add the serial number of the generated password for this site to the second digit;
- multiply (35);
- take the remainder of dividing by 10 (5) and either use it as a password, or replace it with a letter according to the same rule (for example, the first one under "5" - "t").
If you do not want repetitions inside the password for short domains, take from the moment of repetition not the first but the second letter in the column, etc.
Total:
gm - 5; 7 - 35 - 5 - t
ma - 7; 1 - 7 - 7 - u
ai - 1; 8 - 8 - 8 - i
il - 8; 9 - 9; 9 - 81 - 1 - q
lg - 9;5 - 45 - 5 - t
gm - 5;7 - 35 - 5 - g
ma - 7;1 - 7 - 7 - j
ai - 1;8 - 8 - 8 - k
"tuiqtgjk"
So the scheme imagine quite realistically. But is it worth such calculations in your head?

A

Askar A, 2016-01-26
@clear_book

I thought to write "Keepass", but it turns out that it is much more difficult to answer here))

dynamic password generation system,

Do you mean a system with an encryption algorithm that only you can decrypt? If so, you'd better find a book. Although what I advise most likely the first answers will suit you)

A

andrew_tch, 2016-01-26
@andrew_tch

There are legends that there are people who invent passwords in their head in a finite time (2-3 seconds).