1. Password generating

How to generate the ultimate password and store it offline as safely as possible.

✔ Factors:

➲ values
[list]
[*] charset: a-zA-Z0-9!@#$%…
[*] alphabets: cyrillic, latin, hebrew, greek, syllabic etc.
[/list]

!NB Do not use alt symbols. They are often misread or unsupported by most boards and sites. UTF-8 has issues interpreting them.

➲ length
[list]
[*] The default length used when brute-forcing numeric values is up to 13. Choosing a password of that length reduces the chance of success for a mid-sized brute-force attack.
[/list]

➲ range
[list]
[*] Use both ‘a’ and ‘z’ & ‘A’ and ‘Z’ at least once. Why? Mask attacks often work on the principle of known patterns. To spare resources, the attacker may choose to run an attack that checks only alpha values ranging a-f, for instance. The same applies to numeric values and capitalization. Even the slightest repetition poses a threat.
[/list]

➲ sequence
[list]
[*] The sequence of characters must not follow any pattern of alphabetical order. This means no repetition and a 100% random password.
[/list]

Good password: 0>]tIA9SbV6l
Bad password:
[s]Mnoxu.a<-,@!T[/s]*

✘ Sample passwords

tI<?gfnQNnCi` G2;!12f4l/f]q IZkC^Az"!b#/B OJnx7.a<-,@!T "T_Jl)4_Vs<+~

Analysis for the password: ^P(/5<;=Ttj"7

➲ Time consumption

[list]
[*] The number of passwords to go through is 4.52175473e+025 or, in other words, 18 756 986 699 360 373 169 305 600 according to C(n, k) = V_n^k / P_n. That would take more than 10 000 days (or ~27 years).
[/list]

Below is the success rate of the different types of attacks illustrated in this article. The estimated time is based on an average speed of 1 069 691 p/s. The total number of characters used in the exhaustive search attack is 94.

This results in more than 33 years to process every combination under the nVidia model specified above.
For the record, China’s supercomputer has 32,000 Ivy Bridge Xeon CPUs at its disposal.

Image
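
Added example (not part of the original post): a Python sketch of the four factors from section 1, drawing 13 characters from the 94 printable ASCII symbols with the OS CSPRNG and redrawing any candidate that fails a check. The six-letter window for the range check and the adjacent-character test for sequences are assumptions modelled on the a-f example; keyspace(94, 13) reproduces the 4.52175473e+025 figure quoted above.

```python
import secrets
import string

# 94 printable ASCII symbols, the charset size the page's exhaustive search uses
CHARSET = string.ascii_letters + string.digits + string.punctuation
LENGTH = 13  # length of the password analysed on the page
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
WINDOW = 5   # assumption: letters spanning no more than a-f count as a narrow range


def keyspace(symbols, max_len):
    """Candidates an exhaustive search tries over every length 1..max_len."""
    return sum(symbols ** k for k in range(1, max_len + 1))


def violations(pw):
    """Names of the page's factors that pw fails; an empty list means it passes."""
    failed = []
    if len(pw) < LENGTH:
        failed.append("length")
    if not all(any(c in cls for c in pw) for cls in CLASSES):
        failed.append("charset")
    # Sequence: adjacent letters or digits that repeat or step by one (aa, ab, 21).
    if any(a.isalnum() and b.isalnum() and abs(ord(a) - ord(b)) <= 1
           for a, b in zip(pw, pw[1:])):
        failed.append("sequence")
    # Range: every letter inside one small slice of the alphabet helps a mask attack.
    letters = [ord(c) for c in pw.lower() if c.isalpha()]
    if letters and max(letters) - min(letters) <= WINDOW:
        failed.append("range")
    return failed


def generate():
    """Draw uniformly with the OS CSPRNG and redraw until every check passes.

    Rejecting candidates removes them from the search space, so the result is
    drawn from slightly fewer than 94**13 possibilities.
    """
    while True:
        pw = "".join(secrets.choice(CHARSET) for _ in range(LENGTH))
        if not violations(pw):
            return pw


if __name__ == "__main__":
    print(generate())
    print(f"{keyspace(len(CHARSET), LENGTH):.8e}")
```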

2. Safe Storage

Undoubtedly, the best way to keep your passwords safe from any worm or intruder is to write them down on a sheet of paper. That itself, however, is outside the scope of our objective and is not a subject of discussion in this document. In short, we need to apply both steganography and cryptography to give ourselves somewhat decent protection.

Steganography: ensures stealth and disguise
Cryptography: encrypts the password/s (optional)

❝ People rarely notice things right in front of their eyes ❞. In case you can’t think of a way to hide the passwords, simply use some wallpaper with loads of code or writings and write the passwords somewhere within it. Nobody would even think of looking into this especially for a password.

Another scenario could involve hiding the passwords within the source code of a file. For instance, make a file in some privileged directory and place the passwords among its hex values. The idea is to use a file that won’t get deleted, or at least not on purpose.

Though the scheme presented in this document is not entirely secure, it is intended for pre-intermediate users who are aware of what threats exist on the known web. The information laid out here is meant to ensure secure authentication for the average user and a proactive defense against a widespread hacking method that is based on database look-ups. Obvious as all of this may be, it is often neglected as a precaution against hackers getting their hands on your passwords, which may include access to your credit card or bank account.

Tips:

[list=1]
[*] Follow the above guidelines
[*] Never reuse one password
[*] Use steganography wisely
[*] Do not install add-ons
[*] Do not install random software
[*] Do not share accounts with Android devices
[*] Do not share this document
[*] Format your drives
[*] Always have a plan B (back-up)
[/list]