Analyzing Enigmaze

Enigmaze

Contents

  1. Preface
  2. Introducing Enigmaze
    1. Example grid
  3. Password strength
    1. Number of guesses attacker can make
    2. What attacker knows about password
  4. Using grid
    1. Paths
    2. Other shapes
  5. Making password stronger
    1. Shared prefix
    2. Modify grid
  6. Conclusion
  7. Links

Preface

My comments in KickStarter presented Enigmaze in far too negative light and were written without enough consideration. Since I can't change those comments or add a follow-up comment, I am writing this article to hopefully do a better job of analyzing Enigmaze.

I am not a security expert. I am a programmer with good knowledge of math and some knowledge of this subject.

Introducing Enigmaze

Enigmaze is a printed book with 77 different hexagonal grids used for creating and storing passwords.

Example grid

For examples here I will be using this example grid which has same size as Enigmaze grids according to some images I've seen. This has been created by myself and is not one of the actual Enigmaze grids. Grid has 17 rows and 12 characters on each row selected randomly from a set of 90 characters: numbers, alphabets and these 28 characters: !"#$%&()*+,-./:;<=>?@[]^_{}~. I don't know if Enigmaze uses these exact characters, but it seems to be close.

Password strength

Password strength is a combination of many factors.

Number of guesses attacker can make

If you have a password which would require one million tries from attacker to guess it, and you use it in on a website which prevents all login attempts after 3 wrong passwords, then your password would be quite strong in defending your account. Attacker would only have 1 in 300'000 change of guessing it before login is prevented.

On the other hand if website allows attacker to try 1 password every second indefinitely, then attacker would need one million seconds (about 12 days) to guess your password. This is quite weak but if the website is of low value to attacker he might not be willing to spend 12 days to get your password and you can remain safe.

And finally if website is breached and attacker can get his hands on the actual database of hashed passwords, then he can use dedicated hardware to guess passwords extremely quickly, even thousand million per second, and he could guess your password within one second. (Speed depends on actual method used to store passwords.)

What attacker knows about password

Password strength also depends on what methods can be used to guess the password.

Consider password Rw!%LxLNr3jjwhich has 12 characters.

If attacker only knows that user has a password which can use any of the 90 characters I mentioned above, then he would need to try all possible combinations to guess it. He would most likely start from short ones, first trying all 1-character passwords (90 different), then all 2-character passwords (90*90 = 8100 different), then 3-character passwords (90*90*90 = 729'000 different) and so on. There are 285602902059438202247190 different combinations of 1-12 characters and even trying thousand million per second would take millions of years. So this password would be secure.

But if attacker knows that password was somehow generated using my example grid, he would not try all possible combinations. He would try to think of different ways this grid can be used, and most likely would again start from simplest ones which are fastest to check. Just taking a random row from grid is perhaps simplest of all. For one grid there are 17 possibilities and for 77 grids there are 77*17 = 1309, and after trying them all attacker would know this password since it is just one row from the grid.

Using grid

Paths

Here are few ways to create a password using path.

I created a small program Password Grid to calculate how many paths like these can be created from different grids.

There are few things to consider here, for example path length and how many turns path should have. Longer path and more turns will make path harder to guess but also harder to remember.

Also when creating password from overlapping path (black example) you could use overlapping character(s) several times, which makes password longer but with less randomness. Or you can use it just once. For my calculations I will use latter approach so that black example creates 8 character password since "M" is used only once.

If you want a password of 8 - 20 characters with non-overlapping path, then with 77 different grids, by just using a straight line (blue) there are about 160'000 possible paths. With one turn (cyan) there are 8.7 million, with two turns (green) 210 million and with three turns (red) 3150 million different paths.

With up to 25% overlap allowed there are 7000 million different paths with three turns.

Other shapes

Instead of a complex path which can be hard to remember, other shapes can also be used to create passwords. While "happy face" is too well known to recommend it, if you can think of a shape which you can easily remember and is not too easily guessed by others, it might be a good alternative to paths.

Complex shapes also allow more ways on how to construct password from given shape. For example the "happy face" shape above could mean password e&%:yE9y or e&y9Ey:% or many others.

Making password stronger

If attacker knows the grid(s) you are using, anything extra you add to the password so that it is not found directly from the grid(s) will make attackers job harder.

Shared prefix

A simple way to make passwords much stronger while still keeping them easy to remember is to use a short shared prefix. It is important that such a prefix is not selected using same grids you use for passwords and also is not written down anywhere near your password grids, so that attacker would need to try all possible prefixes in order to guess your password.

For example a secret 4-character prefix created randomly using 90 different characters would make any password at least 90^4 = 65'610'000 times harder to guess.

I wrote "at least" because that number assumes that attacker knows you are using two-part password with a prefix and then second part which is created using grid(s). If he doesn't know that, he could try finding whole password from grid (which is impossible because it can't be found there) or guessing it without grid (which is also impossible if password is sufficiently long, see section "What attacker knows about password").

So if you have an initial password which would require 1'000'000 tries from attacker to guess it and you add such prefix to it, attacker would now need at least 65'610'000'000'000 tries. Even with one million tries per second attacker would need over two years. In extreme case where attacker can try thousand million guesses per second he could learn password within a day.

Many ifs there, so in practice such password would be quite secure.


Example calculation using Password Grid.

Modify grid

While the Enigmaze grids are fixed, you can create a secret rule by which you "modify" grid when creating passwords from it.

For example you could decide that when creating password, you change case of every letter on grid. So if grid has lowercase letter you use corresponding uppercase letter in password and if grid has uppercase letter you use lowercase letter.

Instead of changing every letter, you could change only first or last letter. Or maybe change only letters on even rows.

Conclusion

After playing with numbers a bit it is clear that Enigmaze is useful and can be used to create strong enough passwords for many uses.

The question of how easy to remember they are is harder and depends on person, so I'm not going to consider that much. If I were to use something like this to store several passwords, I would most likely use a shared prefix to strengthen passwords and also to allow me to use simpler and easier to remember patterns when selecting passwords from grid.

Links