Passwords for Scientists
March 30, 2007 · by David Bradley
Remembering complicated, and hopefully strong, passwords is a pain. Writing them down or storing them in a file of some kind defeats the object, especially if you work in an open office or do not password-protect said file. The best passwords are usually a mixture of letters, numbers and symbols, something science is very good at.
If you are an engineer, mathematician or chemist, for instance, you should be able to take the above idea to its logical conclusion. For example, you might use the formula for the Fibonacci sequence or for acceleration due to an applied force, or, as a chemist, you have millions of linear chemical formulae to work from. Just pick a compound. Take Taxol, the anticancer drug, molecular formula C47H51NO14. For extra security, you could choose, for example, to reverse it or to miss out the first and last letters, giving you 41N15H74. That would make a pretty strong password; all you have to do is make sure you remember your chosen compound and the algorithm for changing it. Check out www.ChemSpider.com for more examples; you could choose from about 10 million compounds. Of course, you do not need to be a chemist to use this technique. Incidentally, before any cracker tries a brute-force attack on this site using that database of 10m compounds, remember two things: (a) ChemSpider is not the only database out there; there are CAS, PubChem, ChEBI and a dozen others; (b) we do not actually use this technique here.
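The brute-force caveat above can be put in numbers. The following is an added example, not code from the original post: it applies the two modifications the post mentions to the Taxol formula and compares the strength a character-class meter would assume with the strength left once a guesser knows the scheme; the function names and the choice of four modifications are assumptions.

```python
import math
import string

# Constructed inputs: the formula and the 10 million figure are quoted in the
# post; the set of "standard modifications" below is an assumption.
FORMULA = "C47H51NO14"
DATABASE_SIZE = 10_000_000
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def drop_outer_letters(formula):
    """Remove the first and the last alphabetic character."""
    letters = [i for i, ch in enumerate(formula) if ch.isalpha()]
    if len(letters) < 2:
        return formula
    first, last = letters[0], letters[-1]
    return formula[:first] + formula[first + 1:last] + formula[last + 1:]

TRANSFORMS = {
    "unchanged": lambda f: f,
    "reversed": lambda f: f[::-1],
    "outer letters dropped": drop_outer_letters,
    "dropped then reversed": lambda f: drop_outer_letters(f)[::-1],
}

def naive_bits(password):
    """Bits if each character were chosen at random from the classes used."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

def scheme_bits(database_size, transform_count):
    """Bits left once the guesser knows the scheme: compound x transform."""
    return math.log2(database_size * transform_count)

def compare(formula=FORMULA, database_size=DATABASE_SIZE):
    variants = {name: fn(formula) for name, fn in TRANSFORMS.items()}
    return {
        "variants": variants,
        "naive_bits": {n: round(naive_bits(v), 1) for n, v in variants.items()},
        "scheme_bits": round(scheme_bits(database_size, len(TRANSFORMS)), 1),
    }

if __name__ == "__main__":
    result = compare()
    for name, variant in result["variants"].items():
        print(f"{name:24} {variant:12} {result['naive_bits'][name]:5} bits (naive)")
    print("known scheme:", result["scheme_bits"], "bits")
```

With a 10 million entry list the scheme is worth about 25 bits however long the formula looks, so all of the secrecy sits in the choice of compound and modification.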
27 responses so far ↓
markku // Apr 6, 2007 at 6:05 pm
Haha, being a chemical engineer myself, using these types of passwords wouldn’t be such a bad idea.
David Bradley // Apr 6, 2007 at 7:34 pm
Quite so, and likewise for chemists and chemical engineers, I hope, with no fear of forgetting their passwords, but astronomers could equally well use galaxy and star catalogue numbers, particle physicists could use the initial letters of the terms in their QCD equations, molecular biologists could use gene sequences or peptides etc. etc. We are on to something here… infinite uncrackable passwords…. That is how it turns out… I think, but only for STM personnel!
Tara (PassPack) // Apr 22, 2007 at 11:27 AM
Hello,
This is a good way to choose a password, but to be really strong it needs to include spaces and punctuation (this is called a pass phrase). For example, instead of using “C47H51NO14” as your password, use “C47H51NO14 fights cancer.”
But here’s what I see happening: You make two or three of these strong(ish) passwords based on compounds that you readily remember and some variations based on a specific site’s requirements/restrictions.
Problem 1: Now you need to login into a site, and you need to remember which pass and variation you used. Start guessing…
Problem 2: You log into a website (ex. a forum) that doesn’t use HTTPS. Your password, no matter how strong it is, can be captured while it travels over the internet unprotected, and all other accounts where you’ve used that same password can be compromised… no skin off a hacker’s back to have his automated bots plug it into various banks and shopping sites to see if it works.
Regardless of how strong they are, reusing passwords is dangerous - and not reusing them requires more memory than the average person has. I suggest using a password manager, then setting your master password to something very strong like “C47H51NO14 fights cancer.” Then you store unique, strong, nonsense passwords in the password manager - no need to memorize them, just look them up.
Thanks for commenting in the PassPack blog. I’ll point a link to this reply there too so that others can benefit from the conversation.
Cheers,
Tara Kelly
Founding Partner
PassPack Online Password Manager
http://www.passpack.com
David Bradley // Apr 22, 2007 at 8:11 pm
That’s fair comment Tara. I did realize there were potentially problems with my scientific approach to passwords, but there are so many trivial sites one might want to login to too that a simple single word password is still pretty useful, but point taken on pass phrases and password managers.
Tara (PassPack) // Apr 22, 2007 at 11:46 pm
@David,
Sorry, did I come off preaching? Wasn’t my intention, I just tend to be wordy.
Cheers,
Tara
Choosing Passwords: Long is Strong « PassPack - The Blog // Jun 5, 2007 at 12:36 am
[…] of the more ingenious ideas I’ve come across is David Bradley’s Passwords for Scientists where he proposes using the molecular formula for various […]
Martin Wright // Jun 14, 2007 at 10:15 pm
I think this is a fantastic idea. Don’t be surprised if you see a similar idea at PassPub.com.
David Bradley // Jun 15, 2007 at 7:31 am
I’ll watch out for your version Martin. Don’t forget to give us a namecheck. Chemspider.com now has 14,700,000 entries, so there are plenty of chemicals to choose from.
d
Pam // Jun 15, 2007 at 2:59 pm
A lot of people write their passwords down or save them in a file on their computer, most people never change their passwords, and some people use the same password for everything including their banking. A bunch of chemical passwords seems a great and simple way to get around the problem, but those people who do the above probably won’t know about looking chemical formulas
Antony Williams // Jun 17, 2007 at 1:41 am
David, ChemSpider already has a few million new structures ready to add to the database and will likely be moved over onto the production database sometime in the next couple of weeks. We are hoping to hit 20 million unique compounds by end of this year… anyone out there that has any compounds, SDF files or access to structure databases that would like to see them made public please contact us at feedback@chemspider.com !
Martin Wright // Jun 28, 2007 at 10:53 pm
I’ve now created the Chemical Elements password at https://www.passpub.com/element.php It creates random elements as using a list of 14 million was too much of a challenge! But the basic principle is there. Please get in touch with any comments.
Thanks
Martin
David Bradley // Jun 29, 2007 at 7:36 am
Interesting thought Martin, nicely implemented, but your method misses the point by simply stringing together random element symbols and numbers that will just be as hard to remember as any other random string.
My concept is to use a real compound, Viagra or Rohypnol say, look up its chemical formula and use that as the password. For extra protection one could reverse the formula or make some other standard modification that only you would know. All one needs to remember is the compound name and that standard change.
How would anyone remember “Co9Pm4La9”? It’s just random elements and random numbers, there is no “cobalt promethium lanthanum” alloy as far as I know.
David Bradley // Jul 2, 2007 at 8:52 am
Martin at Passpub emailed me to say he’d have a harder time memorizing “cobalt promethium lanthanum” than “Co9Pm4La9” which has pairs of letters interceded by a single digit.
Martin, yours is a nice implementation, but it’s just not as viable as my idea for making an easy to remember password.
Co9Pm4La9 doesn’t exist and what would it be called anyway, you essentially got a random string, but there’s no mnemonic.
In contrast, you can think of a compound name and simply look up its formula. The formulae for Taxol, aspirin, Viagra etc etc are readily available and unchanging.
My idea allows one to think of a compound and then get hold of what is essentially a pseudorandom string based on that name. Easy to remember the compound - aspirin, viagra, taxol, etc etc. In contrast, there is no chemical meaning to the random elements and numbers in your version. Actually, it would be easier to remember “cobalt promethium lanthanum” (which is not a real material anyway) than Co9Pm4La9. In fact if I were trying to memorize your password, I’d remember the element names and the number 949, rather than trying to recall CO-9-PM-4-LA-9 and then recalling that they’re elements and making the second letter lower case.
I did say my technique was for scientists, didn’t I?
Tara (PassPack) // Jul 3, 2007 at 9:00 am
Hi all - while Martin seems to be a nice guy - he’s not at PassPack… he’s at PassPUB.
Cheers,
Tara
PassPack Founding Partner
David Bradley // Jul 3, 2007 at 9:36 am
Whoops, sorry about that Tara. Edited my comment now.
db
Martin Wright // Jul 3, 2007 at 9:42 pm
I maintain that the chemical elements provide a useful pattern for remembering a password but accept that for a particular audience it would be feasible to provide actual compounds for people to use.
P.s. if you wanted a mnemonic password you would use https://www.passpub.com/mnemonic.php!
David Bradley // Jul 3, 2007 at 9:50 pm
Yeah, you’re probably right, but for a non-scientific audience there probably are better mnemonics than elements and compounds anyway
db
Ronda // Aug 9, 2007 at 7:25 am
I like the way you get scared in the last paragraph
But it would be impossible!
This is an excellent idea. Thank you for sharing!
Michael Griffey // Jan 22, 2008 at 10:34 pm
Not long ago, a fellow programmer suggested the use of keyword combinations to make up a password. Like (If(x=4)Then{DoSomethingCool;}). That would be hard to crack with a human brain. Like your idea of complex formulas this is a poor idea.
I don’t know anyone who tries to crack passwords with a human brain. Modern crackers use things like keywords, dictionaries, and complex algorithms. If a hacker were to attack a bank, it would be wise to check banker terminology first to find the passwords of bank employees. You give a higher ranking to words, formulas, and thoughts known to the user. If you are not a programmer, then “System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile”, or “While(x<=24)y(x)=x*8EndWhile” would constitute as highly secure passwords. We have to constantly evolve our way of thinking. If I could link your username on this site to you, the first thing I would try is the method you openly endorse. You limit your calculation to 64 alpha characters and 10 numeric characters, making your passwords easier to crack. If I were to ever attempt to crack a password, I would use dictionaries that relate to the field of study of the user first. Password length far surpasses complexity. Food for thought.
David Bradley // Jan 23, 2008 at 8:05 am
Michael, first off, I don’t actually use this method
More to the point though, I didn’t limit the users of my approach to a particular string length and there are some very, very, very long chemical formulae out there. Take an obscure protein, cut hypothetically into a medium-sized peptide, lop off the ends and you’d still have a password of many characters that would not be found in any dictionary. Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so apparent.
db
David Bradley // Jan 23, 2008 at 8:08 am
Michael, first off, I don’t actually use this method
More to the point though, this approach does not limit the password to a particular string length, and there are some very, very, very long chemical formulae out there. Take an obscure protein, you’d only have to cleave it hypothetically into a medium-sized peptide and you could have a 31 character password that would be found in no dictionary.
Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so obvious.
db
ladnaan // Feb 21, 2008 at 6:07 am
I forgot my password, please help me
David Bradley // Feb 21, 2008 at 7:28 am
For what did you forget your password Ladnaan, hotmail? There’s a password reminder system for hotmail, give it a try. But, if you hadn’t registered a secondary address and cannot remember your password reminder you may be stuck.
db
Kin // Mar 11, 2008 at 7:45 pm
Here’s a point why fake elements might work too. If you’re bad at numbers you can try something like
dicobalt triphosphate
Co2(SO4)3
Now, not checking if that works or anything, but at least for me I can’t remember symbols and really only manage with uppercase letters and numbers. On the other hand, a phrase like dicobalt triphosphate is not so hard.
David Bradley // Mar 11, 2008 at 10:49 pm
Interesting point Kin, did you mean to write sulfate, however?
db
Kin // Mar 12, 2008 at 12:39 am
Whoops! Sure did. Well, actually, I meant to write PO4. But either way, I wrote wrong.
On another note, you can work this method into stages of security.
Again, not best example, but:
dicobalt (Co2) for your unimportant sites that still require a password, and dicobalt triphosphate for more secure sites.
Like currently I have a basic password with a few number variations (Three ones, or one three before and after the phrase, eg) on my basic websites. The stages stop an automatic everything lost scenario of if your password is taken.
David Bradley // Mar 12, 2008 at 8:14 am
Your numbers idea is basically the same as my adduct to the passwords for scientists idea. As others have said the more complicated the obfuscating mental algorithm you apply to your password the less chance of it being guessed or brute-force attacked, but also the harder it is to remember.
db