A literature search offered the advice that safe passwords were best generated by thinking up random passwords and never writing them down. A practical problem is that people do not generally "think up" random passwords and that the more "random" the password, the more difficult it is to remember. The practical result is that users will make up easy to remember passwords that too often fall into the clever heuristics of password guessers like crack .
Forgoing the "best" approach in favour of a realistic approach, the proposed method is
Users treating their passwords as carefully as their credit cards will be in the top one half of one percent of users. Users selecting passwords from a key space exceeding 40 bits or one trillion possibilities will also be in the top one half of one percent of users.
Repeatedly shuffle and cut a deck of cards until the deck is well randomized. Draw cards and assign letter values shown in the below table. Randomizing the letters in the table will not increase the randomness of passwords selected where the cards were well shuffled.
Now if the cards are not well shuffled so that sequences of cards remain intact between shuffles or the cards are re-interleaved in a semi-regular way, using a randomized letter ordering or applying some type of substitution algorithm to the generated password may weaken or obscure continuity between successive passwords. Readers with such concerns should seek stronger initial randomizing methods. The writer finds such concerns excessive for this method.
Several variations are described in the next section.
Our methods exclude most repetition to bypass complex issues of how repetition may help or harm randomness. The reader is left to decide if the more laborious methods are worth the extra effort.
The "number of bits" in x or the base two logarithm of x is computed as log(x) ÷ log(2.0).
This is the fastest method. Thoroughly randomize the deck by repeated shuffle and cut operations. There are no repeated letters with 52 ways to pick the first letter, 51 ways to pick the second letter and so on, the selected password is one of 52x51x50x49x48x47x46x45 possibilities (roughly 30.34 trillion or 44.78 bits).
Their are 52x51x50x49 or 6,497,400 possible quadruples. If we exclude repeated quadruples by reshuffling and redrawing, the key space is 6,497,400x6,497,399 possibilities (roughly 42.21 trillion or 45.26 bits).
Their are 52x51 or 2652 possible pairs. If we exclude repeated pairs by reshuffling and redrawing, the key space is 2652x2651x2650x2649 possibilities (roughly 49.35 trillion or 45.48 bits).
Drawing cards one at a time any allowing repeats yields a key space of 52^8 possibilities (roughly 53.45 trillion or 45.60 bits). Note that "aaaaaaaa", eight "a"s, is a valid "random" password in this key space. Unfortunately crack will find it in minutes.
Using an alphabet of 52 upper and lower case letters plus
ten digits and two other characters or any set of characters
you please, the key space is roughly 281.47 trillion or 48.00 bits.
This completes the outline of generating passwords using a deck of playing cards.
Some years ago, when the writer was president of the Calgary Unix Users' Group, CUUG, we received multiple complaints of port sniffing originating from CUUG machines. Our system administrators traced the activity back to one member's account. The member was of good reputation and very unlikely to be the snooper. No evidence could be found of the account being hacked. After some further research, it was discovered that the member's password, mouse1, was conveniently stuck on his monitor with a yellow sticky note and that his teenage son and son's friend were the perpetrators. The member had initially been unwilling to believe that his son would do such a terrible thing. The member was counseled and assigned a permanent password.
This combined with other security events lead our Chief System Administrator to begin running the crack password guessing utility to evaluate member password security. The first few minutes of running crack produced several humourous and appalling hits:
Clearly we needed a simple and convenient way for members to generate strong high quality passwords. This method requires minimal apparatus (a deck of playing cards), is easy to implement, and users can readily understand and verify the security of the method.
The result was favourably received by the membership.
This tutorial is a rework of that email.