2

Imagine that you would like to write down your passwords or other critical information into a sheet of paper.

Could an algorithms without using a computer be so good as to avoid people of cracking it? There seems to exists some secret code messages that weren't discovered for centuries. So, theoretically it sound plausible, but how would I proceed?

Quora Feans
  • 1,059
  • Secret coded messages not discovered for centuries were presumably using a technique called steganography, or hidden writing, which is much sneakier than mere encryption. – dfeuer Aug 02 '13 at 23:51
  • Passwords should be easier to do, because the information is nonsense when decoded, so if you pick your passwords randomly to begin with, and then encode with a not-too-simple encryption, it should be okay. Encoding human-readable information this way would be a problem, though. – Thomas Andrews Aug 02 '13 at 23:51
  • 1
    Could be a good fit for: http://crypto.stackexchange.com/ (perhaps--I don't know 100%) – apnorton Aug 02 '13 at 23:58

1 Answers1

2

The simplest, and most secure, form of encryption is the one-time pad. This method is unbreakable, as long as no one discovers the source pad. This method is over a hundred years old, and was used extensively throughout the cold war with paper and pencil.

As long as you can memorize your pad, it's perfectly secure and requires no computers.

Emily
  • 35,688
  • 6
  • 93
  • 141
  • 1
    If you could memorize the one-time pad, you could memorize your password. So this solution really isn't applicable to the problem at hand. In fact, a secure one-time pad is very hard to memorize. – dfeuer Aug 03 '13 at 00:11
  • @dfeuer This depends on the number of passwords you have. If you have, say, 20+ passwords, memorizing a single one-time pad might be easier. – Emily Aug 03 '13 at 00:13
  • @Arkamis In order to be secure, a one-time pad has to be one-time. If it's $n$ bits long, you can't use it to encrypt more than $n$ bits of information, ever. So, your one-time pad would have to be as long as all 20 passwords combined. – Daniel Franke Aug 03 '13 at 17:04
  • Yes, that's true. But it still is a simplification over memorizing every password when you consider the combinatorics. For example, I have about 7 passwords I use for various accounts (including variations induced by requiring numbers, upper-case letters, etc). My cable bill auto-pays. I can never remember which password goes to that account. I remember each and every single one of my 7 passwords, but not necessarily which goes to where. A one-time pad cipher could allow me to memorize the same amount of information, but would spare me the risk of choosing the wrong password too many times. – Emily Aug 03 '13 at 19:18
  • @DanielFranke: nope, I have been researching and you can re-use the one-time pad, as long as you encrypt random text (and only random text). See: http://crypto.stackexchange.com/questions/2264/can-i-use-a-one-time-pad-key-twice-with-random-plaintext. Although, it still will need n bits for each n bits of encrypted string. So, if I am right, Arkamis could, for example, encrypt his 7 random passwords of length 15 with one one-time pad of lenght 15. – Quora Feans Aug 04 '13 at 16:49
  • @QuoraFea If all the passwords are random, then the pad can't be recovered by a ciphertext-only attack. But if the attacker knows any one password (e.g., if the attacker is the administrator of one of the 20 websites, or compromises one of their databases), then he can trivially use that to solve for the pad and immediately recover all the other passwords. – Daniel Franke Aug 04 '13 at 17:12
  • @DanielFranke: but only if he had access to one password and to the other encrypted passwords. But imagine a real-life situation: you have your x passwords written down and memorize only your OTP. You count on one site being cracked XOR you losing your note, but not on both. – Quora Feans Aug 04 '13 at 17:29
  • @QuoraFea You're not wrong, but this still a pathetically weak security guarantee compared to what cryptologists expect of any "real" cipher. See http://en.m.wikipedia.org/wiki/Semantic_security – Daniel Franke Aug 06 '13 at 00:18