base64 for an easy & strong encrypted key-pass.

Off-Topic discussions about science, technology, and non Debian specific topics.
bester69
Posts: 2072
Joined: 2015-04-02 13:15
Has thanked: 24 times
Been thanked: 14 times

base64 for an easy & strong encrypted key-pass.

#1 Post by bester69 »

Hi,

What do you think about using base64 encoding as a password key for encrypting?

It gives you a resulting encoded word which contains numeric + lower/capital letters.. to prevent hacking this method, it occurs to me adding some two dots characters intercalated in a fixed position.. It seems a good way to get unbreakable encoded passwords with very easy key words.

example.
1. - Key = umbrella >> base64(umbrella)= dW1icmVsbGE=
2. We apply a little bit of stenography to the resulting base64 word:
i.e. we add some two recordable complex ASCII characters in a known position to break any hacker base64 technique they used in the decoding process.
dW1icmVsbGE= >> d€W1icmVsbGE€= (In this case we added € in second and penultimate position)

final result: umbrella == d€W1icmVsbGE€=

So, I expect some opinions here. :o
bester69 wrote:STOP 2030 globalists demons, keep the fight for humanity freedom against NWO...

debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: base64 for an easy & strong encrypted key-pass.

#2 Post by debiman »

bester69 wrote:So, I expect some opinions here. :o
what seems difficult to hack for humans, is easy for machines.
your "recipe" follows a simple set of rules:
  1. translate a dictionary word with base64
  2. add a single character to it twice
number 2 is clearly making it a little harder to crack, but still... you could've just as well used u€mbrell€a.
there's about a thousand ways to go about this, most of them better.


Re: base64 for an easy & strong encrypted key-pass.

#3 Post by bester69 »

debiman wrote:
bester69 wrote:So, I expect some opinions here. :o
what seems difficult to hack for humans, is easy for machines.
your "recipe" follows a simple set of rules:
  1. translate a dictionary word with base64
  2. add a single character to it twice
number 2 is clearly making it a little harder to crack, but still... you could've just as well used u€mbrell€a.
there's about a thousand ways to go about this, most of them better.
Hi debiman, thanks for answering

It seems simple rules, but I don't see any weakness in them. With base64 we're getting a very strong word to break (base64 alphanumeric).. adding some interleaved ASCII characters prevents a hacker trying base64 inverse decoding brute force/library book.

What you're proposing (u€mbrell€a) is a weaker word because you're using only lower alpha characters plus two ASCII interleaved characters.. And I guess tools for hacking follow an order of rules in decoding, starting with lower characters, following with other ASCII combinations. I guess that word would be relatively quickly broken. It might take a few hours/minutes with a relatively new processor. You're only using a lower character set (base26) plus two common ASCII characters; a decoding set similar to this would break that code in minutes/hours: 'a-z.,€$@&%!;:'

That's why they recommend you use LowerCharacters + UpperCharacters + Numbers + FewStrangeAscii, because this forces them to use the full ASCII set for decoding (ASCII is base95), which with just a 5 character word might take months/years with a powerful CPU.

I think what I'm proposing follows the rules of an unbreakable password, but furthermore has the advantage that you can remember the complex password by using those two rule steps you wrote down (removing intercalated characters + decoding base64). So we can use simple words like: dog, yellow, monday, 1980 in order to generate unbreakable and unforgettable passwords.



Last edited by bester69 on 2018-08-22 05:32, edited 1 time in total.

Re: base64 for an easy & strong encrypted key-pass.

#4 Post by bester69 »

debiman wrote:..there's about a thousand ways to go about this, most of them better.
The idea is to get a complex unbreakable password you can always and easily remember/decode

Example:
1980 == U.s7snhj.2=

You can't remember U.s7snhj.2=, but you can 1980

Head_on_a_Stick
Posts: 14114
Joined: 2014-06-01 17:46
Location: London, England
Has thanked: 81 times
Been thanked: 132 times

Re: base64 for an easy & strong encrypted key-pass.

#5 Post by Head_on_a_Stick »

deadbang


Re: base64 for an easy & strong encrypted key-pass.

#6 Post by bester69 »

Head_on_a_Stick wrote:https://xkcd.com/936/
(suppressive attitude personality goes on) Organic Portal? :shock:

kopper
Posts: 137
Joined: 2016-09-30 14:30

Re: base64 for an easy & strong encrypted key-pass.

#7 Post by kopper »

This mainly relies on lack of awareness of the attacker. Offline brute force attack can counter this by applying the same principle on all guesses the cracker software makes. I.e. base64(guess) + additional characters to predefined positions, then compare the hashed result to stolen hash. It doesn't matter that the end-result is more complex than the input, since the process is 100% reversible with adequate information. And that information can often be obtained by other means. Relying on the fact that attacker does not know about base64, selected "salt characters" or placement of them is security through obscurity.

It might provide some resilience against rainbow tables, as there are fewer tables containing hashes for longer passwords. It might initially buy you some time, but it doesn't take long to write a script for JohnTheRipper or other tools to make this almost completely useless. Worst case scenario, this will make a cracker's life even easier since users trusting this are likely to use even crappier passwords. Leading effectively to increased efficiency of dictionary attacks.

Cryptography is hard and I'm by no means an authority on the issue. However, using encoding in place of cryptographic function in this kind of scenario is like pulling on two pairs of socks and claiming you're only wearing one.
Debian 10.2 Stable with i3
Secure your stuff: Securing Debian Manual
Don't break your stuff: Source List Management DontBreakDebian
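
kopper's point in post #7 (once the recipe is known it adds almost nothing to the guessing space), as an added example that is not part of the thread: a password-audit check that recognises passwords built with the base64-plus-inserted-characters recipe and compares the recipe's entropy with that of random characters. The sample wordlist, the 100,000-word dictionary size and all function names are assumptions made for illustration.

```python
import base64
import math
from itertools import combinations

# Constructed sample wordlist (assumption); a real audit loads a dictionary.
WORDLIST = frozenset({"umbrella", "dog", "yellow", "monday", "1980"})


def recover_base_word(password, wordlist=WORDLIST, max_inserts=2):
    """Return the dictionary word if `password` is base64(word) with up to
    `max_inserts` extra characters inserted anywhere, else None."""
    for k in range(max_inserts + 1):
        for drop in combinations(range(len(password)), k):
            candidate = "".join(
                c for i, c in enumerate(password) if i not in drop
            )
            try:
                raw = base64.b64decode(candidate, validate=True)
                word = raw.decode("utf-8")
            except ValueError:  # non-ASCII input, bad base64 or bad UTF-8
                continue
            if word in wordlist:
                return word
    return None


def scheme_bits(wordlist_size, encoded_len, inserts=2, charset=95):
    """Upper bound on guessing entropy once the recipe is known:
    word choice x insert positions x inserted characters."""
    positions = math.comb(encoded_len + inserts, inserts)
    return math.log2(wordlist_size * positions * charset ** inserts)


def random_bits(length, charset=95):
    """Entropy of `length` characters drawn uniformly from `charset`."""
    return length * math.log2(charset)


if __name__ == "__main__":
    for pw in ("d€W1icmVsbGE€=", "/yjH.23dZ"):
        print(repr(pw), "->", recover_base_word(pw))
    # Assumed 100,000-word dictionary; 12 is len(base64("umbrella")).
    print(f"scheme, recipe known: {scheme_bits(100_000, 12):.1f} bits")
    print(f"6 random characters:  {random_bits(6):.1f} bits")
    print(f"14 random characters: {random_bits(14):.1f} bits")
```

A password policy can use `recover_base_word` as a reject rule; the entropy figures show that the 14-character result of the recipe is weaker than 6 truly random characters.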

RU55EL
Posts: 546
Joined: 2014-04-07 03:42
Location: /home/russel

Re: base64 for an easy & strong encrypted key-pass.

#8 Post by RU55EL »

bester69 wrote:[...] You can't remember U.s7snhj.2=, but you can 1980
What do you mean you can't remember U.s7snhj.2=. It is only 11 digits! And not that complicated.

Now these might be a little hard to memorize:


+']_.+#;>!]&)~;$'(]=&>*@(

GYUAFFSJKPWXMDKFMHSBKBQAZ

dqbJ^yFM'sQ*d=Q-Wy.rXt,uo

hqnyq,^/dnq&god)`ut*-*}pj

76DA77QHE6AVJAPCBR9BK3HHU
But they can be memorized and they are halfway decent passwords.


Re: base64 for an easy & strong encrypted key-pass.

#9 Post by bester69 »

kopper wrote:....
It might provide some resilience against rainbow tables, as there are fewer tables containing hashes for longer passwords. It might initially buy you some time, but it doesn't take long to write a script for JohnTheRipper or other tools to make this almost completely useless

.....
ok, do you really think most attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions"? Do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but no one has ever met them..)

ok, you're kind of right, it seems a fair weakness, though a very improbable scenario in my opinion. I would bet this scenario is very unlikely to happen for casual hackers, I really don't see it happening.

Anyways, I suppose we might add an additional security obscurity layer, that would make it a "perfect procedure" against any contemplated/guessed scenario by any hacker.

For example: we might use as well (two characters interleaved in the source encoding word, as well), that would break any possibility of a matching procedure algorithm by trying reverse base64 decoding dictionary; it would fail.

Example:
umbrella >> u$mbrell$a >> (base64) >> Asnajh54n= >> A$snajh54n$=

THIS DO SEEMS QUICK UNPROBABLE IMPOSSIBLE HACKING I'm wondering myself how many algorithms in the world can break that example word..

Anyway, this procedure is perfect for cloud services, as all of them lock the account by few failed intents. See!!, In this scenario, this method is Great 8)


regards.
Last edited by bester69 on 2018-08-22 13:14, edited 15 times in total.

sunrat
Administrator
Posts: 6412
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 116 times
Been thanked: 462 times

Re: base64 for an easy & strong encrypted key-pass.

#10 Post by sunrat »

Head_on_a_Stick wrote:https://xkcd.com/936/
Damn, I better change my pass word. :shock: :lol:

JK, I was thinking to post that same link after reading OP.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!


Re: base64 for an easy & strong encrypted key-pass.

#11 Post by kopper »

bester69 wrote:ok, do you really think most attackers are considering this [retracted] That's supposing too much in my opinion.
Not initially of course, but eventually that would become public knowledge given enough time. If you're implementing this as part of an open-source project, it is public as soon as the project goes live. Even if it's proprietary, it will be found as a vulnerability soon enough. Don't underestimate people's interest in "new unbreakable passwords". At least that claim will get everyone to try and break it, when it comes to the security industry. For reference, you might be interested to take a look at how it worked for John McAfee when he said his Bitfi wallet was "unhackable".

Security through obscurity in defense isn't really anything you should aim for. Security should not be affected by the fact that a potential adversary knows the used algorithms inside out. On the offensive field, obscurity has more use cases in operational security, like remaining undetected until you achieve what you want. I.e. you acknowledge that you're operating on a limited time window.
bester69 wrote:For example: we might use as well
To counter it, just write a longer script for the cracker software. You can't achieve anything new by iterating between encoding and adding characters.
bester69 wrote:Anyway, this procedure is perfect for cloud services, as all of them lock the account by few failed intents. See!!, In this scenario, this method is Great 8)
That already works quite fine for normal passwords. Anyone who's not a bot or an idiot wouldn't try to brute force live web application / cloud service with such restrictions.

Re: base64 for an easy & strong encrypted key-pass.

#12 Post by RU55EL »

bester69 wrote:[...]ok, do you really think most attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions"? Do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but no one has ever met them..)[...]
Yeah, that gives your argument lots of credibility!

I guess you think it is impossible to write a virus for Linux.

PS: This is an example of what I consider to be a good password:


^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{


Re: base64 for an easy & strong encrypted key-pass.

#13 Post by bester69 »

RU55EL wrote:
bester69 wrote:[...]ok, do you really think most attackers are considering this: "I.e. base64(guess) + additional characters to predefined positions"? Do you think they will use a matching decoding algorithm?.. That's supposing too much in my opinion.. this sounds to me similar to "linux do have viruses" (but no one has ever met them..)[...]
Yeah, that gives your argument lots of credibility!

I guess you think it is impossible to write a virus for Linux.

PS: This is an example of what I consider to be a good password:


^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{
You just need >= 8 ASCII (base 95) characters.. what the hell are you doing man?? :lol: You wouldn't break that even with a quantum computer :shock:

See this little ASCII 9 characters:
/yjH.23dZ

Would take around 1300 years according to this calculator (2015 cpu computer): https://www.betterbuys.com/estimating-p ... ing-times/
Would take around 7 years according to this calculator: https://random-ize.com/how-long-to-hack-pass/

Re: base64 for an easy & strong encrypted key-pass.

#14 Post by RU55EL »

bester69 wrote:
You just need >= 8 ASCII (base 95) characters.. what the hell are you doing man?? :lol: You wouldn't break that even with a quantum computer :shock:

See this little ASCII 9 characters:
/yjH.23dZ

Would take around 1300 years according to this calculator (2015 cpu computer): https://www.betterbuys.com/estimating-p ... ing-times/
Would take around 7 years according to this calculator: https://random-ize.com/how-long-to-hack-pass/
Try checking at How secure is my password.
Estimate for your password "/yjH.23dZ": It would take a computer about 1 month to crack your password
Estimate for " ^]\`KPRE~`FL\D/&>[__ZT]S\.J~*K#R;GJMFE}GC`_$$~/E'{": It would take a computer about 830 quattuorvigintillion years to crack your password
I usually check the password size limit (for where it is used) and use that for the size of the password. You can never be too sure.

PS: The password size limit here at forums.debian.net is 30 digits. Do you think you can guess my password?

PPS: How big is a quattuorvigintillion?


Re: base64 for an easy & strong encrypted key-pass.

#15 Post by Head_on_a_Stick »

Nice site!

Apparently, the password "howsecureismypassword" would take 410 billion years to crack and it's really easy to remember — there's a lesson there for us all, I think :mrgreen:

Re: base64 for an easy & strong encrypted key-pass.

#16 Post by RU55EL »

Head_on_a_Stick wrote:
Nice site!

Apparently, the password "howsecureismypassword" would take 410 billion years to crack and it's really easy to remember — there's a lesson there for us all, I think :mrgreen:
It is even better at https://www.betterbuys.com/estimating-p ... ing-times/

results for "howsecureismypassword"


INFINITI
Yep, you can't take those password checkers too seriously. We have brains, it's good to use them every so often...


Re: base64 for an easy & strong encrypted key-pass.

#17 Post by debiman »

debiman wrote:what seems difficult to hack for humans, is easy for machines.
i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.

beside plain dictionary words, the above website does not take any of this into account.

fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.

(*) i'm playing devil's advocate here


Re: base64 for an easy & strong encrypted key-pass.

#18 Post by bester69 »

debiman wrote:
debiman wrote:what seems difficult to hack for humans, is easy for machines.
i don't know why this is so difficult to understand?
base64 encoding looks tricky to human eyes, but is a simple standard mechanism available on all computers. a good (*) password cracking program should take these into account.
the fashionable "leet" = "1337" replacements are an even more blatant example.

beside plain dictionary words, the above website does not take any of this into account.

fwiw, i'm not using dictionary words anymore. I use only random passwords, as long as possible (40 characters - but not all login services allow such length).
My password manager is secured with 2-factor authentication.
The password part is a gibberish word that is pronounceable enough to remember it, plus some extra chars.

(*) i'm playing devil's advocate here
You are very confused and very wrong if using a 40 character word. In 2019, at today's date, any full ASCII word with just a length >=8 characters is unbreakable unless there are several supercomputers working in that brute force attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.

You don't need a 40 char word, it's enough with one between 8 and 10 characters. You aren't very good at mathematics, are you? :shock:

Re: base64 for an easy & strong encrypted key-pass.

#19 Post by sunrat »

I'll play devil's advocate's sidekick. You don't really need an unbreakable password to hide your pr0n collection. :mrgreen:

Re: base64 for an easy & strong encrypted key-pass.

#20 Post by debiman »

bester69 wrote: You are very confused and very wrong if using a 40 character word. In 2019, at today's date, any full ASCII word with just a length >=8 characters is unbreakable unless there are several supercomputers working in that brute force attack decoding. There is no regular home computer in the world able to break a full ASCII word of just 8 characters, and it would take them several years in the best of cases. But if you don't understand that, go to any mathematician and ask them about the minimum unbreakable length of characters for today's CPUs.

You don't need a 40 char word, it's enough with one between 8 and 10 characters. You aren't very good at mathematics, are you? :shock:
i don't know where you are getting these alternative facts from (please do share some links) but i think it's plain to understand that a longer password is harder to crack, duh.
also i don't use "words", but completely randomised passwords, which i do not remember in my head. maybe you need to re-read my last post.
also last time i looked it was still 2018. maybe in besterland the clocks are running faster?
