The password is like a melody. Generating strong passwords in musical chords

Despite the popularity of password managers, the need to actually remember long, strong passwords has not gone away. At the very least, the master password for the password manager itself must be remembered.

Unfortunately, human memory is not designed to remember completely random characters, including letters in different cases, numbers and special characters. The best professionals at the World Memory Championship use association and imagination to build a story plot in which successive cards or numbers are associated with various objects and actions. In the form of a story, a very long sequence of events (random symbols) can be remembered on the first or second attempt.

But there are simpler methods.


Firstly, instead of generating random characters, you can remember several words or a long sequence of loosely related words (almost the same story with a plot). This ensures sufficient entropy of the password, that is, resistance to brute force.

This generation method became especially popular after the famous comic by Randall Munroe about password strength.

The comic's author modifies an existing word, increasing the resulting entropy. A special online phrase generator, Correct Horse Battery Staple, can help in generating unknown (non-existent) words to further increase entropy.

The generator code is published on GitHub; it uses a cryptographically secure random number generator, which it recommends using instead of the standard Math.random().

Alternatively, you can come up with or learn a little-known poem, at least a few lines. A large number of words should add up to a fairly high entropy as a whole, despite the relatively low entropy of each individual word.

Diceware is also worth mentioning – a method for generating passphrases using five dice as a “hardware” offline random number generator (list of words in Russian).

Password as a melody

And recently they came up with another interesting method for generating and remembering strong passwords – in the form of a melody. Many people may find it easier to remember a melody than a phrase.

In general, the point is to use musical notation symbols instead of a random set of absolutely any characters. That is, instead of numbers there are intervals, instead of letters there are chords, etc.

Here is a short list of available modern musical notation symbols for use as passwords:

  • Base tone: A, B, C, D, E, F, G
  • Flat/sharp: b, #
  • Intervals: 1 → 13, m7, Maj7, sus2, sus4, dim7, etc.
  • Dashed line (bar): |, !, l (lowercase L), I (uppercase i)
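
A sketch of how such a password could be generated, added here as an example (not code from the article or from the generator it links to). It draws chords and bar symbols from the list above with Python's `secrets` module, a cryptographically secure generator; the `QUALITIES` subset and all function names are assumptions made for the illustration.

```python
import math
import re
import secrets

# Symbols taken from the article's list; QUALITIES is an assumed subset
# of the "intervals" line, chosen so every entry is a real chord suffix.
ROOTS = "ABCDEFG"
ACCIDENTALS = ["", "b", "#"]
QUALITIES = ["", "m", "7", "m7", "Maj7", "sus2", "sus4", "dim7", "9", "11", "13"]
BARS = ["|", "!", "l", "I"]

# Every spelling is a distinct string, so Ab9 and G#9 count separately
# even though they sound the same.
CHORDS = [r + a + q for r in ROOTS for a in ACCIDENTALS for q in QUALITIES]


def generate_progression(n_chords):
    """Return n_chords random chords joined by randomly chosen bar symbols."""
    if n_chords < 1:
        raise ValueError("need at least one chord")
    parts = [secrets.choice(CHORDS)]
    for _ in range(n_chords - 1):
        parts.append(secrets.choice(BARS))
        parts.append(secrets.choice(CHORDS))
    return "".join(parts)


def generation_entropy_bits(n_chords):
    """Entropy of the process above, for an attacker who knows the scheme."""
    return n_chords * math.log2(len(CHORDS)) + (n_chords - 1) * math.log2(len(BARS))


def split_chords(password):
    """Split a generated password back into its chords at the bar symbols."""
    return re.split("[" + re.escape("".join(BARS)) + "]", password)


if __name__ == "__main__":
    pw = generate_progression(5)
    print(pw, f"{generation_entropy_bits(5):.1f} bits")
```

With this 231-chord vocabulary each chord contributes about 7.85 bits and each randomly chosen bar symbol 2 bits.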

An online chord player allows you to hear how they sound. There you can also see the chords of famous songs. If something is not on the list, information is available on the Internet at specialized sites.

In principle, instead of generating your own password melody, you can use existing ones. This provides additional protection against forgetting. It’s enough just to remember which specific composition is the “donor” of the chords/notes, and therefore of the password symbols. In the future, this melody can always be found in Internet archives or restored from memory (in the case of a well-known hit), so the password will never be lost, but it will be extremely difficult for attackers to guess this method of encoding information until I integrate this method into John the Ripper and other software for intelligent password brute-forcing.

For example, the Miley Cyrus song Flowers is an alternation of five chords, Am7Dm7GCmaj7, but that is a pretty weak password. Another chord progression, DMaj7|Fsus2|G#9 (Ab9 = G#9), is already much more resistant (entropy can be checked in the Password Checker service from Kaspersky), but remembering and reproducing it is not difficult if you play it once in the player.



Musical notation for recording a melody on a clay tablet from Babylon (modern Iraq), 1400 BC

If you think about it, music (singing) was invented by mankind much earlier than writing. So this is an even more organic way for the brain to perceive and remember information than these “newfangled and incomprehensible symbols.” Just a few generations ago, the vast majority of the world's population was illiterate. At the same time, songs and music are thousands of years old. People recognize familiar melodies while still in the womb; this skill does not require education. In other words, even an illiterate person can remember a very complex “password”. He just can't write it down on his own in modern musical notation, but the information itself is not really lost; it just requires decoding.

PS If brute force software starts enumerating chords as individual symbols, then the entropy of such passwords will have to be calculated using a different formula, based on the total number of unique chords, 4017; that is, the combination of two chords gives 4017² possible combinations, three chords – 4017³, etc. These are much more realistic numbers for brute force, so for reliability you will need to add other musical notation symbols to the password, in addition to chords.
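
The PS's arithmetic, worked through as an added example (not code from the article): it estimates the article's progression DMaj7|Fsus2|G#9 once per character, as a naive strength estimate would, and once per chord using the 4017 figure. The function names and the 95-character printable-ASCII pool are assumptions of this illustration.

```python
import math
import re

UNIQUE_CHORDS = 4017   # total number of unique chords quoted in the article
BAR_SYMBOLS = 4        # |, !, l, I from the article's symbol list
TOKEN_RE = re.compile(r"[A-G][b#]?[^A-G|!lI]*|[|!lI]")


def split_progression(password):
    """Split a chord password into (chords, bars); reject anything else."""
    tokens = TOKEN_RE.findall(password)
    if not tokens or "".join(tokens) != password:
        raise ValueError("not a chord progression: %r" % password)
    chords = [t for t in tokens if t[0] in "ABCDEFG"]
    bars = [t for t in tokens if t[0] not in "ABCDEFG"]
    return chords, bars


def char_model_bits(password):
    """Per-character estimate: length * log2(size of the classes used)."""
    if not password:
        return 0.0
    pool = 0
    for pattern, size in ((r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10),
                          (r"[^a-zA-Z0-9]", 33)):  # 33 = ASCII punctuation + space
        if re.search(pattern, password):
            pool += size
    return len(password) * math.log2(pool)


def chord_model_bits(password, random_bars=False):
    """Per-chord estimate from the PS (4017 ** n, in bits). An upper bound:
    assumes every chord, and every bar if random_bars, was drawn uniformly."""
    chords, bars = split_progression(password)
    bits = len(chords) * math.log2(UNIQUE_CHORDS)
    if random_bars:
        bits += len(bars) * math.log2(BAR_SYMBOLS)
    return bits


def chords_needed(target_bits):
    """Smallest number of random chords reaching target_bits, chords only."""
    return math.ceil(target_bits / math.log2(UNIQUE_CHORDS))


if __name__ == "__main__":
    pw = "DMaj7|Fsus2|G#9"  # progression from the article
    print(f"{char_model_bits(pw):.1f} {chord_model_bits(pw):.1f} {chords_needed(80)}")
```

For this progression the per-character figure is about 98.5 bits while the per-chord figure is about 35.9 bits (39.9 if each bar symbol is also chosen at random), and reaching 80 bits takes seven random chords.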

In any case, music is an interesting and unusual format for storing text data.
