Friday, June 22, 2018

An Awesomely Good Bad Password

You would think that “Let's try again” (without the quotes) would be a horrific password, but “Let's try again” is a fantastic password. Granted, for almost every use case the password is pretty bad, but I have a use case that makes the password quite satisfactory. What makes this password so good?

The answer is steganography. Steganography is the art of hiding information in plain sight. So, you might say that it is not well hidden since I just told you that it is a password, but you might be wrong. What if “Let's try again” is a decoy? It is not a decoy. Perhaps another phrase in the blog is the real password.

The truth is that there is one person in the world who knows to look here for a password to decrypt something. The contents of the encrypted item will be fairly temporal. Even if the item is decrypted by the wrong party, any potential damage will be contained. Now I could have hidden the password in the picture below, but I didn’t. I will be writing a couple of blogs on steganography in the near future, and I will use an audio file that clearly shows how secret messages can be sent in files.

For now, my work is done. The one person in the world who needed the password now has the password. The encrypted container will soon be destroyed.

Welcome to the world of steganography. It’s even more fun than “Fun With Flags!”

The Internet is pointless without cats. Mrs. Mewer was a sweetheart.

Randy Abrams
Senior Security Analyst