Posted by: Ken Harthun
Encryption, off the grid, paper encryption method, Password Haystacks, passwords, Perfect Paper Passwords, Security
I use Last Pass and Steve Gibson’s Password Haystacks to create super-secure passwords. I also own and use a Yubikey for secure, two-factor authentication. I’m not overly-paranoid about my sensitive information–I just feel that I’m taking reasonable precautions that everyone should follow. However, there are those who don’t even trust trustworthy services like LastPass and want nothing to do with any of their passwords or encryption keys being stored on line. I guess I understand that, though I consider it a bit unreasonable.
There’s good news for the completely paranoid amongst us, however. Steve Gibson has created the only known system to provide secure encryption using nothing but a specially designed piece of paper: Enter “Off The Grid: A paper-based system for encrypting domain names into secure passwords.” While the system uses technology to set up the grid, nothing is stored and no other software is involved. There is always the concern that since modern encryption technology relies upon software running on various devices, there is a risk of security vulnerabilities that can lead to compromise of your system. The beauty of “Off the Grid” is best described by its inventor:
“Off The Grid” converts any website’s name into a secure password that you never need to write down, store, or remember because you can easily re-create the same secure password from the same website name the next time, and every time, you need it.
Websites are routinely compromised with their users’ logon identity (eMail address and password) stolen. So reusing the same password on separate websites creates a tremendous risk because bad guys could obtain your eMail address and password from one site, then logon as you somewhere else with your reused password.
The “Off The Grid” system securely and uniquely encrypts each website’s domain name into your personal password for that one site, so it automatically creates a different secure password for each website and reuse never occurs.
Is that beautiful, or what?
I tried it and it is very easy to use; however, it’s not completely ready for prime time yet, as Steve explains on this page:
. . . a KEY requirement for the practical use of this system is that you should be able to recreate and reprint, perhaps in different sizes, fonts, character spacing, etc., YOUR own unique grid, not only now, but at any time in the future. To enable that, the final version of this page — which will be forthcoming shortly — will provide you with a matching randomly generated cryptographic KEY that you will be advised to record and store securely. Then, at any time in the future, you will be able to reuse that unique KEY to recreate YOUR unique personal grid structure, while being able to freely change its shape, size, coloration, fonts, and so forth.
I am currently working to complete the remaining background web pages to fully document this “Off The Grid” system. Once they are complete, I will add the finishing technology touches to this grid generation and printing page.
In the meantime you can, of course, play with the technology. But since there is currently no way for you to recreate any of the grids that this page displays, you should not commit to any grid until the cryptographic keying technology has been added.
In the meantime, have fun with it!