There is a saying: never implement your own crypto. The problem is that such attempts are based on a misunderstanding of the threat model, on insufficient knowledge and experience to see the weaknesses, and on mistaking one's own inability to defeat the solution for its strength. Let me paint a picture to explain this. Kids often mimic the world of adults. They may build a “safe” from paper, draw a PIN pad on it, and so on. In their eyes this is a perfectly valid method of protecting their tiny savings! You, as an adult, know that it will not work: the paper safe will simply be torn apart by a thief. But actually the threat model is wrong too: the thief will take their laptop (1) and will never care about the few dollars. Unless you are an experienced cryptographer, your attempts to build your own security will be no different from that safe made of paper.
Humans are horrible at generating good passwords. Never trust your brain: it is too weak to produce a decent password. Whatever you come up with, most likely it is already shared with many other people. Your “super unpredictable password” is much less unpredictable than you think. Some real-world statistics: I once checked the passwords in a service I was administering. The 30 most popular passwords were shared by 3% of all users, about half a thousand accounts.
Passwords should never be shared between services. An algorithm that modifies a base password per service seems like a good idea, because it fulfils that requirement. Unless you are the victim of an attack targeted at you personally, no one will try to guess the algorithm; that is not how large-scale attacks work nowadays. So is this a perfect solution? Unfortunately not. It protects against a threat that hardly exists (deriving one of your passwords from another) while the actual danger is never addressed: the output of such an algorithm is a dictionary password with a few predictable mutations, no matter how many and how complex the steps are. You just produce a series of weak passwords. Your algorithm might even be unbreakable, but a typical attacker will never touch it. They will go straight for a dictionary attack with standard mutation rules, or for a reverse brute force (a handful of common passwords tried against every account). You might try to check a password at Have I been pwned, but even that has limited use. The result of that check is not “certainly unsafe / certainly safe” but “certainly unsafe / possibly unsafe”.
And all that is under the assumption that your algorithm is good. As with generating passwords, the brain is bad at designing password-modifying algorithms. This is evident in how people change their passwords when forced to do so periodically. And your algorithm must work not only spatially, across services, but also in the time dimension. If your employer is the victim of a targeted attack and the intruders obtain one of your old passwords, they will guess your new ones if they are derived by an algorithm. You may imagine that adding more steps will help. It will not: you are just demanding more effort from yourself without adding any entropy. Each step is a deterministic function of its input, and the output of a function can never carry more entropy than the input had; from the mathematical point of view, the whole chain of steps is a single function no matter what you do. This is also why no cipher gets its security from piling up ad hoc steps: the security lives in the key, not in the complexity of the transformation. And this is yet another point: you would have to prove that this function is injective (two different inputs never give the same output). Otherwise you will be slowly losing entropy with each derived password.
Adding digits, replacing characters with look-alikes or changing a letter to uppercase is not very useful. Depending on the method used, each such step adds 1–2 bits of entropy at most, and an attacker's rule set already includes every common variant. This is close to nothing, considering that a random 8-character password drawn from a 64-symbol alphabet has 48 bits, and that is considered the absolute minimum. Human-generated passwords of that length barely reach 20 bits.
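The entropy argument of the two paragraphs above, made concrete. This is an added example and not part of the original post; `user_algorithm`, `lossy_algorithm`, the eight base words and the tag rule are all hypothetical constructions standing in for a "personal algorithm" and for the word list and mutation rules a cracking tool would use. It shows that a deterministic transformation leaves the output with at most the entropy of the input (3 bits for 8 equally likely base words), that a non-injective transformation loses some of it, and that the "clever" output is covered by generic rules that know nothing about the scheme.

```python
import math
import string
from collections import Counter

# Constructed stand-in for the top-N list a cracking tool starts from. It deliberately
# contains near-duplicates ("password"/"pass1234", "qwerty"/"qwertyuiop"), all of which
# are genuinely common passwords.
BASE_WORDS = ["password", "pass1234", "qwerty", "qwertyuiop",
              "dragon", "football", "letmein", "monkey"]

LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def user_algorithm(base: str, service: str) -> str:
    """Hypothetical 'personal algorithm': leetspeak, capitalise, then tag the result with
    the first letter of the service name and a digit. It is deterministic, so one base
    word yields exactly one output per service."""
    return base.translate(LEET).capitalize() + service[0].upper() + "1"


def lossy_algorithm(base: str, service: str) -> str:
    """Hypothetical non-injective algorithm: keep four characters, lowercase, add a tag.
    Distinct base words collide, so entropy is lost rather than merely preserved."""
    return base[:4].lower() + service[0].lower()


def shannon_bits(values) -> float:
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def entropy_after(algorithm, service: str, bases=BASE_WORDS) -> float:
    """Entropy of the derived password when the base is drawn uniformly from `bases`.
    A deterministic function can merge inputs but never split them, so the result can
    never exceed shannon_bits(bases), however many steps the algorithm chains."""
    return shannon_bits([algorithm(b, service) for b in bases])


# Generic mutation rules of the kind every cracking tool ships with: toggle case,
# leetspeak, append a short letter+digit tag. Nothing here was derived from user_algorithm.
TAGS = [letter + digit for letter in string.ascii_uppercase for digit in string.digits]


def generic_candidates(words, tags=TAGS):
    """Yield every word x case/leet variant x appended tag."""
    for w in words:
        for variant in (w, w.capitalize(), w.translate(LEET), w.translate(LEET).capitalize()):
            for tag in tags:
                yield variant + tag


def generic_search_bits(dictionary_size: int, variants: int, tag_choices: int) -> float:
    """Work, in bits, for an attacker who ignores the victim's scheme and simply runs
    dictionary_size words through `variants` mutations and `tag_choices` suffixes."""
    return math.log2(dictionary_size * variants * tag_choices)


if __name__ == "__main__":
    print("input entropy        :", shannon_bits(BASE_WORDS), "bits")
    print("after user_algorithm :", entropy_after(user_algorithm, "gmail"), "bits")
    print("after lossy_algorithm:", entropy_after(lossy_algorithm, "gmail"), "bits")
    derived = user_algorithm("password", "gmail")
    print(derived, "covered by generic rules:", derived in set(generic_candidates(BASE_WORDS)))
    print("generic search over 10k words:", round(generic_search_bits(10_000, 4, 260), 1), "bits")
```

Even an attacker who does not know the scheme and simply appends every letter+digit tag to every case/leet variant of a 10,000-word list needs about 23 bits of work, a fraction of a second offline, far below the 48 bits of a random 8-character password.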
What you want is a password with high entropy. There are two well-known methods that work:
- Generate random characters. This gives a relatively short password, but you have no chance of remembering it.
- Systems like Diceware, where 4–6 randomly chosen words give strong, easy-to-remember passphrases.
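Both methods in code, as an added example that is not part of the original post. Everything is drawn from the operating system's CSPRNG via Python's `secrets` module; the 16-word list is a constructed toy standing in for a real Diceware list of 6^5 = 7776 words, and the helper names are my own. The example also shows how many characters or words are needed to reach a given entropy target, which the list above only states as "4–6 words".

```python
import math
import secrets
import string

# Constructed 16-word list so the example runs offline: only 4 bits per word. A real
# Diceware list has 6^5 = 7776 words, i.e. log2(7776) ~= 12.9 bits per word.
WORDLIST = ["acid", "amber", "baker", "canoe", "delta", "ember", "flint", "gecko",
            "harp", "iris", "jade", "koala", "lemon", "maple", "nylon", "oasis"]
DICEWARE_LIST_SIZE = 6 ** 5

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly and independently from an alphabet.
    Only valid when the choice really is uniform, which is why `secrets` is used below."""
    return length * math.log2(alphabet_size)


def symbols_needed(target_bits: float, alphabet_size: int) -> int:
    """Smallest number of characters (or words) reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Method 1: random characters from the OS CSPRNG. `random.choice` would be wrong
    here: it is a predictable PRNG, not meant for secrets."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def roll_dice(count: int = 5) -> list:
    """Simulate Diceware's five physical dice with the CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def diceware_index(rolls) -> int:
    """Map five rolls (each 1..6) to a 0-based index, the way a printed Diceware list is
    keyed: 11111 is the first word, 66666 the last (index 7775)."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("a die shows 1..6")
        index = index * 6 + (r - 1)
    return index


def passphrase(words: int = 5, wordlist=WORDLIST, sep: str = " ") -> str:
    """Method 2: Diceware-style passphrase. Each word is picked uniformly; choosing
    words you 'like' instead would make the entropy estimate meaningless."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    print(random_password(), f"({entropy_bits(len(PRINTABLE), 16):.1f} bits)")
    print(passphrase(6), f"({entropy_bits(len(WORDLIST), 6):.1f} bits with this toy list)")
    print("words from a real Diceware list for 64 bits:", symbols_needed(64, DICEWARE_LIST_SIZE))
    print("random printable characters for 48 bits:", symbols_needed(48, len(PRINTABLE)))
```

With a real 7776-word list, five words give about 64.6 bits; with the 94 printable ASCII symbols, eight random characters give about 52 bits. The entropy figures hold only because every pick is uniform and independent, which is exactly what a human choosing "memorable" words cannot do.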
Unfortunately Diceware does not solve the problem of remembering many passwords. So the best strategy is to have some kind of non-brain password storage and to remember only the few passwords you really have to type by hand. You can do that with either a password manager or an encrypted file. The problem with files is that they quickly become hard to manage and, when handled with standard text-processing tools, are far from perfect: editors leave swap and backup files, the clipboard and shell history keep copies, and so the passwords may leak. This is why password managers were invented, as a response to exactly that problem. I have not seen any better option yet.
An additional bonus of not having to remember passwords? You cannot be forced to give them away unless someone also has your password database. For example, you cannot put a gun to my head and expect me to give you access to my bank account. Even if I wanted to, I would have no way to do so.
Also, obligatory: XKCD 936.
____
(1) For the sake of the example, let's ignore a current trend in developed countries: electronics becoming less and less attractive to thieves.