Easy-to-remember and almost secure
By Charles Miller
I have read several books on the same subject recently, each chronicling the escapades of the Allied code breakers of Bletchley Park and their deciphering of the Enigma cipher machine used by the German military during World War II. The English code breakers were quite successful in deciphering enemy communications, and many believe that in so doing they significantly shortened the war.
Of particular interest to me was one of their tools: the Colossus Mark I, built using 1,500 valves (vacuum tubes), was the first practical application of a large-scale program-controlled computer. It is regrettable that all of the Colossus computers were destroyed after the war to protect their secrets and that their story was nearly lost to history.
The job of Colossus was to determine the German Enigma machine code wheel settings, basically the “password” the Germans used to encode the messages sent back and forth between military commanders. By 1943 the Bletchley Park code breakers had determined how to break the Enigma code using sheer brainpower, but this usually took days using pencil and paper, so what was needed was some way to automate the process. Colossus could process 5000 instructions per second, and at that speed it took a half hour to do a job that had previously taken days to complete by hand. Computers have gotten incredibly faster in the last few decades. Today a typical personal computer could theoretically do that same job in much less than a second. I hope that gives you some idea of the computing power present-day crooks have at their disposal when they start trying to crack your password.
This fact does not bode well for computer users today who insist on using short easy-to-remember passwords for their email accounts and other purposes. In the past it was easier to rely on the fact that, although a password could be cracked, doing so would take so long that nobody would bother. The present reality is that a password that might have taken months of computing time to crack using the slower computers of two decades ago can now be broken in hours. This creates the need to use longer passwords that are harder for modern computers and software to crack. As inconvenient as it might be, you really need to use a password with a minimum of fifteen characters; the longer your password, the better.
Another lesson the history books teach us is that code breakers look for sequences of letters which commonly occur. Crooks today know people like to use their mother’s maiden name and other easy-to-remember sequences as passwords. A “dictionary attack” simply involves checking your password against combinations of every word in the dictionary plus every name appearing in the phone book plus place names in the world atlas.
The Bletchley Park code breakers were clever enough to find a certain sequence of ten letters that appeared in practically every intercepted German message: it was hard to stop those Nazi officers from inserting a “H-E-I-L H-I-T-L-E-R” somewhere in their message, and knowing those ten letters were there in that order greatly aided the code breakers at Bletchley Park in deciphering the rest of the message.
What cryptologists know today is that in choosing a password you do not want to use a word or name found in any dictionary, and that includes any dictionary in any language. The crooks trying to guess your password have copies of all those dictionaries, and given enough time they will eventually find the word(s) you used. So, using a short name such as “Fido” for a password is out, but something like “Fido8Fido7Fido6” should be easy-to-remember and almost secure, for now.
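The column's two rules (at least fifteen characters, no dictionary word) and the "almost" in "almost secure" can be seen in a short password check. This is an added example, not part of the original column; the sample wordlist, the 62-character alphabet and the one-million-entry dictionary size are assumptions.

```python
import re

# Constructed sample wordlist (assumption); a real check would load dictionaries
# in several languages plus name and place lists, as the column describes.
WORDLIST = {"fido", "password", "smith", "london", "miguel"}
MIN_LENGTH = 15   # the column's recommended minimum
ALPHABET = 62     # assumption: upper-case letters, lower-case letters, digits


def split_tokens(password):
    """Split into runs of letters and single non-letter characters."""
    return re.findall(r"[A-Za-z]+|[^A-Za-z]", password)


def guess_spaces(password, wordlist=WORDLIST, dict_size=1_000_000):
    """Return (brute_force, dictionary_aware) counts of candidate passwords.

    brute_force: every character is drawn from ALPHABET.
    dictionary_aware: each token found in the wordlist counts as one pick
    from a dictionary of dict_size entries (assumed size); every other
    character still counts as one of ALPHABET choices.
    """
    brute = ALPHABET ** len(password)
    aware = 1
    for tok in split_tokens(password):
        if tok.lower() in wordlist:
            aware *= dict_size
        else:
            aware *= ALPHABET ** len(tok)
    return brute, aware


def check_password(password, wordlist=WORDLIST):
    """Apply the column's two rules; return a list of problems (empty = pass)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in wordlist:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords: the column's two, plus a random-looking one.
    for pw in ("Fido", "Fido8Fido7Fido6", "q7Lm2xRt9Vb4Kz1"):
        brute, aware = guess_spaces(pw)
        print(pw, check_password(pw), "brute=%.1e" % brute, "aware=%.1e" % aware)
```

“Fido8Fido7Fido6” passes both rules, but because it is built from a dictionary word its dictionary-aware count is thousands of times smaller than that of a random 15-character password, which has no such shortcut.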
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044-415-101-8528 or email FAQ8 (at) SMAguru.com.