Entropyzer.au3 - help with generating and memorizing very good passwords

[peneus]

As we all know, good passwords are long and complicated. But you should not write them down, so they are very hard to memorize. And you may have many, many of them in different places. What to do?

Here's what I suggest:

1) Use an easy "password" for each purpose, e.g. "facebook" for Facebook. You might even write down these easy passwords without risking much, because of the next steps in this proposal.

2) Memorize a standard PIN code which you each time concatenate with you password, e.g. "facebook" & "mu7T" ---> facebookmu7T. You really must memorize the PIN code, but do not write it down anywhere. You always use the same PIN code. Always. Of course you can use whatever standard method for combining the password and the PIN code.

3) Of course you could stop here, but there's more to come: Create a "salt" text file with e.g. 40 truly random characters on the first line, and store it on your USB stick or any drive on your computer. Put it into the root directory with the name "salt.ent".This is your key file, which you keep secret, and you should perhaps print it on paper and store it in a safe place for backup purposes. But luckily you never have to memorize the contents of the file.

4) Concatenate the "facebook" & "mu7T" with the contents of the random salt text file, and stuff the result through the SHA-1 hash function. The result is total gibberish, but it is always the same given the same input.

5) Convert the result from step 4 into printable characters, and apply another round of SHA-1 hashing (just to make the password longer, more complicated, and hopefully more secure).

6) Convert the result from step 5 into printable characters, and you have a very good password which you can generate again and again if you just remember "facebook" and "mu7T", and if you have the random salt text file (your key file). But you need all of these, so we have quite a lot security involved.

7) Copy the password from step 6 into clipboard, and then do whatever you wish with it. You may also wish to empty the clipboard when done.

Here's the AutoIt script for making it all happen.

Entropyzer.au3

Comments?

peneus

[peneus]

I made some small improvements, if anyone is interested

- the main window now appears even if no salt file is found

- an error in the $chars variable is fixed (it contained "0" twice, removed the other one and added "_" in the end)

- $chars & $chars & $chars is now followed by & "A" (or whatever symbol you choose) to make it 256 chars long

- because of the $chars length change, the test for rejecting hex ff in the hashed string can be removed from the code

I also thought that actually you can forget the PIN code stuff altogether if you are sure that the salt file (key file) is kept secret.

peneus

Entropyzer.au3