kilabit.info
Simple | Small | Stable | Secure

Salt and pepper

Wondering how many account do we have today on the internet, from Yahoo to Google, from MySpace to Friendster accounts. How do you manage all those account password ? Use one-for-all password? Like th15 or p455w0rd, or your name?

Some of us maybe like to use their name, child name, or birth date, because it's memorize-able. That's ok, as long as you don't have any private or credential information while communicating or browsing.

Some of us use what they call "OpenID". From user perspective, it easy and manageable but from security view, no. The problem is it use one-for-all password. Once your password is hacked, all of your OpenID accounts is "open" for attacks, not to mention any others problem.

Or maybe you use password like this 'ax23sd239dj1390sdm9323', every time you want to log in to a web site you open your wallet, unfold a little white note and read the password :) That is good, really good. Now, if you cannot login because of typo or the white note is missing, don't blame me.

~ ~ ~

On cryptography there is a concept called "salt". Salt is added to the "key" or "password" so the result is much yummy, sorry what I mean is, make it not easy to break. But my point here is not about cryptography, but how do we use a 'salt' concept in daily use on internet so we can have different password for each account. Not even just on internet.

In example, we have an account on www.jackpot.com with user name: johndoe.

The trick is simple, really simple. Pick any combination of character to use as a salt. Don't pick any meaning word (especially English word or your mother language), pick a random one, like 'bhunjimko'. See, if you look at your keyboard now those random character have their own pattern.

Now combine this salt with website name, and as option your user-name, result:

bhunjimkojackpotjohndoe

easy, eh ;)

You can mix those three words in any pattern.

As easy as it sound, one salt is not good enough. You should use two salt, one salt for character only and another salt for a number only. The most good one is two salt with mix of character and number. Another example that I use,

zxcvbnmyahoo1337
zxcvbnmgmail1337
mnbvcxzmyspace1337
mnbvcxzfs1337

If I want to login to yahoo I just need to see to the keyboard, that's already provided the 'salt' for me, and I just need to remember the four number.

Now, I just need to enter my login name…​ my login name…​ hmmm…​ damn it I forgot my login name!