BADecker (OP)
Legendary
Offline
Activity: 3976
Merit: 1382
|
|
January 27, 2014, 04:49:52 PM |
|
The basics about how to generate a strong password/passphrase using a random character generator.
You start with a program that can generate random characters. The scripting for a simple html page that uses javascript to generate a list of 10,000 random characters is listed below.
You generate a list of at least 10,000 random characters. Inside this list of random characters, you select a group of consecutive characters as your password. Here is a potential password taken from a real randomly generated character list:
ySpx2DtPFqAUY5Bxkn7VNdESw5Q4skZPZ9UlGjgJ19CQpfIerebOKxCMe3H4pF
The password can be any length. Usually, the longer the password, the better safety you have.
Now, how do you remember the password? You do it by making a password key. A simple password key for the above password might be "ySpx262". The first 5 characters of this password key are the first 5 characters of the password. The "62" at the end of the key indicates that there are 62 characters in the password. There are many other ways for making password keys. Use your imagination.
You have saved the list of 10,000 random characters in a text file. You have made many copies of this file, and even printed out paper copies. You are making sure that you always have backups of your password available.
To get your password from the list using your password key, you search the computer or paper file for the first 5 characters of your key: "ySpx2". Then you simply count out a total of 62 characters to find your password. Copy and paste the password (or type it if it is on a paper list), and you have it.
The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be. Yet, you can always find your password easily from the simple key... a key that you can easily memorize, or one that you can hide on a slip of paper behind the closet door, etc. Even if someone found the key, they wouldn't know how or where to use it - what its purpose was.
There are simpler ways to make the random character than the generator script below, using arrays, for example. This script may not work with some older browsers because javascript has evolved over the years.
-------------------- THE HTML CODE
<html> <head>
<script type="text/javascript" language="JavaScript"> <!--
var i = 0; var characters = ''; var newchar = 0;
function calc3(){ characters = ""; document.validate.activegenerate.value = characters; calc1(); }
function calc1(){ for (i=0; i<10000; i==i){ newchar = Math.floor((Math.random()*70)+1); if (newchar == 1){ characters += "a"; i++; } if (newchar == 2){ characters += "b"; i++; } if (newchar == 3){ characters += "c"; i++; } if (newchar == 4){ characters += "d"; i++; } if (newchar == 5){ characters += "e"; i++; } if (newchar == 6){ characters += "f"; i++; } if (newchar == 7){ characters += "g"; i++; } if (newchar ==8){ characters += "h"; i++; } if (newchar == 9){ characters += "i"; i++; } if (newchar == 10){ characters += "j"; i++; } if (newchar == 11){ characters += "k"; i++; } if (newchar == 12){ characters += "l"; i++; } if (newchar == 13){ characters += "m"; i++; } if (newchar == 14){ characters += "n"; i++; } if (newchar == 15){ characters += "o"; i++; } if (newchar == 16){ characters += "p"; i++; } if (newchar == 17){ characters += "q"; i++; } if (newchar == 18){ characters += "r"; i++; } if (newchar == 19){ characters += "s"; i++; } if (newchar == 20){ characters += "y"; i++; } if (newchar == 21){ characters += "u"; i++; } if (newchar == 22){ characters += "v"; i++; } if (newchar == 23){ characters += "w"; i++; } if (newchar == 24){ characters += "z"; i++; } if (newchar == 25){ characters += "y"; i++; } if (newchar == 26){ characters += "z"; i++; } if (newchar == 27){ characters += "A"; i++; } if (newchar == 28){ characters += "B"; i++; } if (newchar == 29){ characters += "C"; i++; } if (newchar == 30){ characters += "D"; i++; } if (newchar == 31){ characters += "E"; i++; } if (newchar == 32){ characters += "F"; i++; } if (newchar == 33){ characters += "G"; i++; } if (newchar == 34){ characters += "H"; i++; } if (newchar == 35){ characters += "I"; i++; } if (newchar == 36){ characters += "J"; i++; } if (newchar == 37){ characters += "K"; i++; } if (newchar == 38){ characters += "L"; i++; } if (newchar == 39){ characters += "M"; i++; } if (newchar == 40){ characters += "N"; i++; } if (newchar == 41){ characters += "O"; i++; } if (newchar == 42){ characters += "P"; i++; } if (newchar == 43){ characters += "Q"; i++; } if (newchar == 44){ characters += "R"; i++; } if (newchar == 45){ characters += "S"; i++; } if (newchar == 46){ characters += "Y"; i++; } if (newchar == 47){ characters += "U"; i++; } if (newchar == 48){ characters += "V"; i++; } if (newchar == 49){ characters += "W"; i++; } if (newchar == 50){ characters += "X"; i++; } if (newchar == 51){ characters += "Y"; i++; } if (newchar == 52){ characters += "Z"; i++; } if (newchar == 53){ characters += "0"; i++; } if (newchar == 54){ characters += "1"; i++; } if (newchar == 55){ characters += "2"; i++; } if (newchar == 56){ characters += "3"; i++; } if (newchar == 57){ characters += "4"; i++; } if (newchar == 58){ characters += "5"; i++; } if (newchar == 59){ characters += "6"; i++; } if (newchar == 60){ characters += "7"; i++; } if (newchar == 61){ characters += "8"; i++; } if (newchar == 62){ characters += "9"; i++; } } document.validate.activegenerate.value = characters; }
--> </script> </head> <body > <table ALIGN=CENTER BORDER CELLSPACING=0 CELLPADDING=10 WIDTH="80%" > <tr> <td> <form name="validate"> <input onClick="return calc3()" type="button" name="" value="Click to create the character content in the box."> <center><textarea name="activegenerate" id="activegenerate" cols=80 rows=15 wrap="hard" ></textarea></center> </form> </td> </tr> </table> </body> </html>
|
|
|
|
xDan
|
|
January 27, 2014, 05:21:53 PM |
|
but you probably shouldn't use that for a brainwallet or a private key.
|
HODLing for the longest time. Skippin fast right around the moon. On a rocketship straight to mars. Up, up and away with my beautiful, my beautiful Bitcoin~
|
|
|
jongameson
Member
Offline
Activity: 84
Merit: 10
|
|
January 27, 2014, 06:17:36 PM |
|
encrypt something everybody knows like, take pi-billion.txt (pi to a billion places) then to a sha256sum on it bingo, there's your brainwallet key!!
|
|
|
|
hilariousandco
Global Moderator
Legendary
Online
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
|
|
January 27, 2014, 06:22:32 PM |
|
The length/strength of your password wont mean shit if you've got a keylogger.
|
|
|
|
Bostonbitcoin
Member
Offline
Activity: 70
Merit: 10
|
|
January 27, 2014, 06:27:56 PM |
|
The length/strength of your password wont mean shit if you've got a keylogger.
That's excellent, I've had 1000 coins on Mt Gox for a while with password 12345 which someone told me was bad, I've now changed the password to ySpx262. I understand perfectly, thank you. Seriously, good post, thanks
|
|
|
|
BADecker (OP)
Legendary
Offline
Activity: 3976
Merit: 1382
|
|
January 27, 2014, 06:28:29 PM |
|
The length/strength of your password wont mean shit if you've got a keylogger.
Thank Goodness that you can do all your Bitcoining offline. If you don't have enough sense to protect your computer from hacking... well, it's your own fault.
|
|
|
|
BADecker (OP)
Legendary
Offline
Activity: 3976
Merit: 1382
|
|
January 27, 2014, 06:29:59 PM |
|
The length/strength of your password wont mean shit if you've got a keylogger.
That's excellent, I've had 1000 coins on Mt Gox for a while with password 12345 which someone told me was bad, I've now changed the password to ySpx262. I understand perfectly, thank you. Seriously, good post, thanks Ha, ha, ha, chuckle, chuckle, snicker, snicker!
|
|
|
|
Phrenico
Member
Offline
Activity: 75
Merit: 10
|
|
January 27, 2014, 06:44:42 PM |
|
The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be.
However, if they do find the file, it will take about 10,000^2 attempts to brute force the password. That's less than 27 bits of entropy. I would print out the text for added security.
|
|
|
|
BADecker (OP)
Legendary
Offline
Activity: 3976
Merit: 1382
|
|
January 27, 2014, 06:52:43 PM |
|
The odds are great that nobody will be able to guess your password out of the 10,000 characters, if they happen to find your random character file. And it is even more difficult because they don't know how many characters long it might be.
However, if they do find the file, it will take about 10,000^2 attempts to brute force the password. That's less than 27 bits of entropy. I would print out the text for added security. I really wanted to use Auntie's middle name...
|
|
|
|
porcupine87
|
|
March 13, 2014, 01:31:16 AM |
|
encrypt something everybody knows like, take pi-billion.txt (pi to a billion places) then to a sha256sum on it bingo, there's your brainwallet key!! interesting idea. Just remeber a number like 20031980 (which seem to be your birthday) and take the first 20031980 numbers to make a sha256. But if the attacker knows your strategy, you are fucked
|
"Morality, it could be argued, represents the way that people would like the world to work - whereas economics represents how it actually does work." Freakonomics
|
|
|
cbeast
Donator
Legendary
Offline
Activity: 1736
Merit: 1014
Let's talk governance, lipstick, and pigs.
|
|
March 13, 2014, 02:11:03 PM |
|
Everyone talks about dictionary attacks, so fool them with a thesaurus.
|
Any significantly advanced cryptocurrency is indistinguishable from Ponzi Tulips.
|
|
|
bitcoiner49er
|
|
March 13, 2014, 02:31:25 PM |
|
During a recent password audit, it was found that a blonde was using the following password: "Mickey Minnie Pluto Huey Louie Dewey Donald Goofy Sacramento" When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital.
|
Homo doctus is se semper divitias habet
|
|
|
jbrnt
|
|
March 13, 2014, 03:15:31 PM |
|
During a recent password audit, it was found that a blonde was using the following password: "Mickey Minnie Pluto Huey Louie Dewey Donald Goofy Sacramento" When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital. I like this one, put a smile on my face
|
|
|
|
|