Passwords can be tough to remember. For example:
So Bob wants to make and use a good password for GPG that he never has to remember. He will rarely use this password (asymmetric encryption for off-line storage). When he needs it, he is going to generate his password with pencil and paper out of some key information that is stored in one place: his head.
He hopes to employ classical cryptography to turn what he has been unwilling or unable to remember into something that is available. How could Bob make a password strong enough for GPG by using classical methods?
Importantly, he wants to avoid "security" through obfuscation.
Some of the characteristics and principles behind the VIC Cipher came to mind (anyway):
- A 5-digit number (truly random)
67106 stretched to 10 digits, 67106 + (6+7=3) + (7+1=8) , etc.
- Memorized short phrase:
kantscriticalphilosophy (using the first 20 letters).
To make a long story short, following Bob's process, mostly like that of the VIC cipher (chain addition, creating permutations of 1 to 0, digit addition without carries), we arrive here:
- Bob uses the straddling keyboard on his memorized long phrase:
ITISRAININGINAMSTERDAMBUTNOTINPYONGYANG and puts the result in a columnar transposition whose length is three (not a broken transposition).
Adds a pepper, if you will, at the end of the transposition rows: *^^ and
11=A, 22=B, etc., 111=a, 222=b, etc., 1111=!, 2222=@, etc.
With a little practice, it is not difficult to remember a process like what the VIC cipher uses.
Can a method like this create a password strong enough to use in, let's say, GPG?
What would a strong method using classical cryptography for password generation look like?