  1. Purpose:

    This utility is designed to solve the following problem:

    Some web service providers have a need to authenticate users. This requires the web service provider to establish login credentials for authorized users, i.e., a user name and password. The need to authenticate requires web service providers to establish reasonable and prudent password policies for their own and their users' security and continuity of service.

    Each web service provider may have a unique password format with which users must comply by selecting a password which meets certain minimum requirements, referred to herein as a "conforming password", e.g., to prevent dictionary-based "brute force" attempts to gain unauthorized access. Some websites require conforming passwords to contain both upper and lower case characters, some require the use of numbers, and some require the use of special characters. Or, web service providers may not require, but rather allow, the use of both upper and lower case characters, numbers, and special characters. In addition, the allowed special characters may vary from website to website.

    Compounding the problem, web service providers require passwords to be changed on some variable basis to another conforming password. Users frequently have a short time to determine what conforming password is memorable because they may not be informed that a new password is required until the next time they log in and discover their password has expired, or are informed by a website that there has been a security incident and that a password change is required.

    A lack of a reliable authentication standard and lack of standard password format requirements causes users to write down their passwords, requires web service providers to make provisions for users forgetting their login credentials, and encourages the development of alternate methods of storing passwords, e.g., via the "Password Manager" in Firefox.

    The use of "passphrases" is often advanced as a possible solution to this problem; however, passphrases are an inelegant solution, and their demand on the user differs little from that required by a secure password. The user may have to remember, for example, the passphrase, which letters have been converted to numbers, which letters have been capitalized, and which letters have been converted to special characters, or where special characters have been inserted. In addition, the use of passphrases does not allow a user to quickly and easily generate conforming passwords.

    This utility generates passwords which appear random but, in fact, are not. It allows the use of memorable words and phrases to generate conforming passwords, based on the combination of letters, digits, and special characters required or allowed by the web service provider, and the selection of some fixed parameters by the user. Users may record these memorable words and phrases, or, alternately, record the page and paragraph number of a favorite book, phone book, or any other source of text which is common, relatively accessible, and easy to index.

    In addition, the combination of a relatively small number of memorable essential elements of information may itself be done in accordance with a personal algorithm, so that not even access to the information which is written down is adequate to reconstruct the password. For example, users may leverage the ability of this utility to strip invalid special characters from a string to allow combinations of user name and URL to be used to generate passwords, or users may double-up, reverse, or otherwise obfuscate the key used to encrypt the plain text and generate the password.

    It should be noted that the purpose of this utility is not to generate a secure password. The purpose of this utility is to allow users to combine something they have, i.e., a document recording their choices, with what they know, i.e., their personal algorithm, to generate a conforming password which appears random.

  2. Parameters:
    1. type

      The cipher type.

      Select one of the following values:

      1. Keyword substitution cipher.
      2. Vigenere cipher (DEFAULT).
      3. Autokey cipher.
      4. Running key cipher.
    2. base

      The base plain text alphabet.

      Select one of the following values:

      1. 26 characters [a-z]: 'abcdefghijklmnopqrstuvwxyz'.
      2. 36 characters [0-9],[a-z]: '0123456789abcdefghijklmnopqrstuvwxyz'.
      3. 62 characters [0-9],[A-Z],[a-z]: '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz' (DEFAULT).
    3. special

      Special characters.

      '@_-.' (DEFAULT).

      Enter additional characters to modify the selected base plain text alphabet.

    4. keyword

      The key word.

      Enter any arbitrary combination of characters. Intermediate variable 'keyword' is extracted from this value.

      The key word is used to generate the unique key word, ciphertext alphabet, and tabula. The key word is required for type: 'Keyword substitution cipher'. If no key word is provided for the other types, the tabula is based on the cipher text alphabet, which is based on the unmodified plain text alphabet.

    5. key

      The cipher key.

      Enter any arbitrary combination of characters. Intermediate variable 'key' is extracted from this value.

    6. plaintext

      The plain text to encipher.

      Enter any arbitrary combination of characters. Intermediate variable 'plaintext' is extracted from this value.

  3. Intermediate variables:
    1. plaintextAlphabet

      The plain text alphabet.

      The plain text alphabet is generated by inserting unique special characters, in ascending ASCII order, into the base plain text alphabet selected by parameter 'base'.

    2. keyword

      The unique key word.

      The unique key word is generated by first extracting valid characters, then unique characters, from parameter 'keyword', in the order in which they occur in parameter 'keyword'.

    3. ciphertextAlphabet

      The cipher text alphabet.

      The cipher text alphabet is generated by appending all characters of the plain text alphabet not used by the unique key word to the unique key word in the order in which they occur in the plain text alphabet. This is algorithmically identical to generating the first row of the tabula recta, below.

    4. tabula

      The tabula recta.

      The tabula recta is generated from the cipher text alphabet. The first row of the tabula is identical to the cipher text alphabet, above. Each succeeding row of the tabula is shifted one character to the left from the preceding row. The number of rows and columns in the tabula recta is identical to the number of characters in the plain text or cipher text alphabet.

    5. key

      The valid key.

      The valid key is extracted from valid (but not necessarily unique) characters of parameter 'key'. Valid characters are those characters which are present in the plain text alphabet. The valid key operates on the cipher text alphabet differently, in accordance with parameter 'type'.

      Although a key may be arbitrarily long, in practice it is not an advantage if the length of the valid key is significantly greater than the length of the intermediate variable 'plaintext'.

      1. Keyword substitution cipher.

        A key is not required. Any value entered here is ignored.

      2. Vigenere cipher.

        If the length of the valid key is zero, the user is informed that a key is required.

        If the length of the valid key is greater than zero, but less than the length of the intermediate variable 'plaintext', the valid key is appended to itself until the length of the valid key is greater than or equal to the length of the intermediate variable 'plaintext'. The valid key is then truncated so that it is equal in length to the intermediate variable 'plaintext', and used to encipher intermediate variable 'plaintext' using the tabula recta.

        If the length of the valid key is greater than or equal to the length of the intermediate variable 'plaintext', the valid key is used to encipher intermediate variable 'plaintext' using the tabula recta. There is no difference between the Vigenere cipher and running key cipher if the length of the valid key is greater than the length of the intermediate variable 'plaintext'. Therefore, the user is informed that the type is effectively a "Running key cipher" if the length of the valid key is greater than the length of the intermediate variable 'plaintext'.

      3. Autokey cipher.

        If the length of the valid key is less than the length of the intermediate variable 'plaintext', the intermediate variable 'plaintext' is appended to the valid key and the result used to encipher intermediate variable 'plaintext' using the tabula recta.

        If the length of the valid key is greater than or equal to the length of the intermediate variable 'plaintext', the valid key is used to encipher intermediate variable 'plaintext' using the tabula recta. There is no difference between the autokey cipher and running key cipher if the length of the valid key is greater than the length of the intermediate variable 'plaintext'. Therefore, the user is informed that the type is effectively a "Running key cipher" if the length of the valid key is greater than the length of the intermediate variable 'plaintext'.

      4. Running key cipher.

        If the length of the valid key is less than the length of the intermediate variable 'plaintext', the user is informed that type: "Running key cipher" is invalid. If type: "Running key cipher" is selected, no cipher text will be produced until the length of the valid key is greater than the length of the intermediate variable 'plaintext'.

        If the length of the valid key is greater than or equal to the length of the intermediate variable 'plaintext', the valid key is used to encipher the intermediate variable 'plaintext' using the tabula recta.

    6. plaintext

      The valid plain text to be enciphered.

      The plain text to be enciphered is generated by extracting valid (but not necessarily unique) characters from parameter 'plaintext', in the order in which they occur in parameter 'plaintext'.

  4. Output:
    1. ciphertext

      The cipher text.
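
The parameters and intermediate variables described above, worked through as an added Python example; it is not the utility's own code. The function names are hypothetical, and two points the description leaves open are assumptions: special characters are merged into the base alphabet by sorting on code point, and the tabula row is selected by the key character and the column by the plain text character, both by position in the plain text alphabet.

```python
import string

BASES = {1: string.ascii_lowercase,
         2: string.digits + string.ascii_lowercase,
         3: string.digits + string.ascii_uppercase + string.ascii_lowercase}

def valid(text, alphabet):
    """Keep only characters present in the alphabet, preserving order."""
    return "".join(c for c in text if c in alphabet)

def build(base=3, special="@_-.", keyword=""):
    """Return (plaintextAlphabet, unique keyword, ciphertextAlphabet, tabula)."""
    # Assumption: "inserting in ascending ASCII order" means merge, then sort.
    pa = "".join(sorted(set(BASES[base] + special)))
    kw = "".join(dict.fromkeys(valid(keyword, pa)))  # first occurrences only
    ca = kw + "".join(c for c in pa if c not in kw)
    tabula = [ca[i:] + ca[:i] for i in range(len(ca))]  # row i shifted left i times
    return pa, kw, ca, tabula

def expand_key(ctype, key, pt):
    """Per-type key rules: 2 = Vigenere, 3 = autokey, 4 = running key."""
    if ctype == 2:
        if not key:
            raise ValueError("a key is required")
        key *= len(pt) // len(key) + 1          # append the key to itself
    elif ctype == 3 and len(key) < len(pt):
        key += pt                               # plain text extends the key
    elif ctype == 4 and len(key) < len(pt):
        raise ValueError("running key is shorter than the plain text")
    return key[:len(pt)]

def encipher(plaintext, key="", keyword="", ctype=2, base=3, special="@_-."):
    pa, kw, ca, tabula = build(base, special, keyword)
    pt = valid(plaintext, pa)
    if ctype == 1:                              # keyword substitution, key ignored
        if not kw:
            raise ValueError("a key word is required")
        return "".join(ca[pa.index(c)] for c in pt)
    k = expand_key(ctype, valid(key, pa), pt)
    # Assumption: key char picks the row, plain text char the column (by position in pa).
    return "".join(tabula[pa.index(kc)][pa.index(pc)] for kc, pc in zip(k, pt))

# Constructed inputs: a user/site string and a memorable key, default alphabet.
if __name__ == "__main__":
    print(encipher("alice@example.org", key="Moby-Dick_ch1"))
```

With base 1, no special characters, and no key word, the tabula reduces to the classical 26-letter square, which makes the output easy to check against textbook Vigenere and autokey examples.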

Last updated: Tuesday, 16 November, 2010
