Accounts Security V
Concerning Internet use at public spots & Password by Sequence
A Password Security Related Article by Calvin Limuel a.k.a. r3ck0rd
It’s been a long time since I last posted in Zoiz’ blog. Still the same topic, and it’s already the fifth! Covering internet usage at public hotspots and sequenced passwords. Here are the tips for this time:
- Log in first before you use it at a public hotspot.
You don’t know if somebody is sitting there with Cain & Abel, ready to harvest your usernames and passwords. So log in first at home, put your notebook in standby mode, then bring your notebook to where you want to use it. Wonder if somebody thinks of this too.
Note: This is not the same as the browser’s remember-password feature. That feature only fills in the username and password for you; the browser still sends your username and password.
- Never do e-transactions such as e-banking or online shopping at a public hotspot.
Crackers can still modify the data sent to the router, so I don’t recommend this activity.
- Use your personal combination.
A friend on Facebook posted a link to this article: http://www.linux.com/articles/28057. It’s a good idea to combine your personal information like this: “NiKrV@1992!UA-blAcK”. Assume the user’s name is NiKrad KreVchenko, born in 1992 (@1992) in Ukraine (UA, the ISO country code), and his favorite color is black.
- Using characters from a random phrase.
Another good idea. Let’s try it with this phrase: “Lorem Ipsum Dolor Sit Amet. The quick little brown fox jumps over a big lazy dog.” Take the first letters and you get LIDSATQLBFJOABLD. Or take every second letter, separate the words with exclamation marks, and you get LRM!PU!DLR!I!AE! and so forth. Don’t forget to vary the case or the symbols, for example by changing the exclamation marks to the sequence of symbols on your keyboard (~!@#$%^&*()_+`-={}|[]\:";'<>?,./).
- Use a Polybius Square.
I’ve seen this technique somewhere but I forgot where. Here is one example (you can make this thing by yourself):

      1 2 3 4 5 6 7 8 9 0
    a a s e v e d n e 3 g
    b ! @ d 3 d % e & f 3
    c e h * - % d 2 q F #
    d s ! # $ % d E 2 5 8
    e f 3 a S F V # T 4 A

This works like a Polybius square, one of the ancient cryptography techniques. With this, you only need to remember two characters for your password, and the length of your. For example, remembering d2 and a length of 7 letters, it is: s!#$%dE. Of course you can make this larger on your own. Or just make your own password, then hide it inside your own Polybius square.
- Use the Polybius Square combined with chess moves.
If you like to play chess, and you know some openings, this shouldn’t be a problem. All you have to do is make an 8×8 Polybius square filled with random characters and labelled with chessboard coordinates. For example, the Sicilian Dragon Variant: 1. e4 c5 2. Nf3 d6 3. d4 cxd4 4. Nxd4 Nf6 5. Nc3 g6 6. Bg5 Bg7. That’s enough: a password with 12 characters, one for the square each move lands on. If characters repeat, that’s OK, it doesn’t matter. I hope you understand what I mean.

    8 k l \ z " { +
    7 j ; ] x ; } = !
    6 h ' [ c " | - #
    5 g q p v : 1 0 $
    4 f w o b ? 2 9 %
    3 d e i n > 3 8 ^
    2 s r u m < 4 7 &
    1 a t y , . / 5 6 *
      a b c d e f g h

Based on this square and the Sicilian Dragon Variant, my password would be: ?p3cbbb|i-0=
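The lookup described above, written out in Python as an added example (it is not the author's code): each move contributes the character on its destination square. The names SQUARE, destinations and password_from_moves are made up for this illustration, and ranks 1 and 8 are left out because the square as printed on the page does not give exactly eight entries for them.

```python
import re

# Ranks 2-7 of the page's 8x8 square, files a-h from left to right.
# Assumption: ranks 1 and 8 are omitted (not eight entries each as printed),
# and the typographic quotes on rank 6 are written as ASCII ' and ".
SQUARE = {
    7: list("j;]x;}=!"),
    6: list("h'[c\"|-#"),
    5: list("gqpv:10$"),
    4: list("fwob?29%"),
    3: list("dein>38^"),
    2: list("srum<47&"),
}

# Destination square of a move in algebraic notation: the last file+rank
# pair, before an optional promotion (=Q) or check/mate (+, #) suffix.
DEST = re.compile(r"([a-h])([1-8])(?:=[QRBN])?[+#]?$")

def destinations(movetext):
    """Yield (file, rank) for each move in text like '1. e4 c5 2. Nf3 d6'."""
    for token in movetext.split():
        if re.fullmatch(r"\d+\.+", token):   # move number such as '3.'
            continue
        match = DEST.search(token)
        if match is None:                     # castling (O-O) names no square
            raise ValueError(f"no destination square in {token!r}")
        yield match.group(1), int(match.group(2))

def password_from_moves(movetext):
    """Map every destination square to its character in SQUARE."""
    chars = []
    for file, rank in destinations(movetext):
        if rank not in SQUARE:
            raise ValueError(f"rank {rank} is not defined in this square")
        chars.append(SQUARE[rank]["abcdefgh".index(file)])
    return "".join(chars)

# The opening quoted on the page.
SICILIAN_DRAGON = "1. e4 c5 2. Nf3 d6 3. d4 cxd4 4. Nxd4 Nf6 5. Nc3 g6 6. Bg5 Bg7"

if __name__ == "__main__":
    print(password_from_moves(SICILIAN_DRAGON))
```

Castling and moves onto a rank missing from the card raise an error instead of silently shortening the password, so an opening that cannot be mapped is noticed when the password is first derived.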
Go make your own! Print all your Polybius squares, make cards of them, and put them in your wallet.
- Use On Screen Keyboard.
I always forgot to write this. If you’re too lazy to follow the previous tips about copy-pasting letters from a text file, just use the on-screen keyboard. In case there is a keylogger logging the coordinates of mouse clicks, move the keyboard to another spot before and after you type your password with this tool.
- Keyboard sequence isn’t always insecure.
Yeah, it’s not always insecure. But of course, a lame sequence like asdfghjkl is insecure. Be creative with this one. Like this: !qAz@wSx#eDc. Figure out the sequence yourself. You can switch to another keyboard layout (other than QWERTY, like Dvorak) for a while when entering passwords.
- One-way encrypted password as your password.
Just remember a word or a name, like John Doe. Then hash it with md5. Result: 4c2a904bafba06591225113ad17b5cec. If it doesn’t fit because of a character limit (md5 is 25 characters), just cut it down to the character limit.
- Using multi-level encryption.
I found this idea when searching for an encryption tool. If you don’t get what I say, then I’ll give you an example:
$pass = sha1(md5(md5(sha1(sha1(md5(md5(sha1($pass))))))));
Add salt and different encryption ways if you please:
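// md5() hashes one string (its second argument is only a raw-output flag), so the salt 1357 is concatenated; crypt() is given an explicit salt so the result is repeatable
$pass = sha1(md5(crypt(str_rot13(base64_encode(md5('1357' . sha1($pass)))), '$1$1357$')));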
I’m not responsible for any server crash
That’s all for now. Enjoy securing.
Thu.1.29.2008
r3ck0rd
©2008 Calvin Limuel a.k.a. r3ck0rd. All rights reserved.
Original Link: http://reckord.info/password-security/303.account-security-v.html or http://reckord.info/?p=303

February 6th, 2010 at 12:49 am
Pretty good info, after not posting for a long time.