Start with a modern 3x3x3 speedcube that is easy to turn, so not Rubik's brand. There are many good choices of "budget cubes" under $5 these days. YouTube has many reviews. I used a Guanlong from Cubezz.
Each of the 6 faces has 4 corner stickers, so 24 corner stickers in total (8 corner pieces with 3 stickers each). Write 24 letters of the alphabet onto those 24 stickers. One nice possibility is to omit X and Z. Omitting B and Y is also a reasonable choice, as they are the hardest letters to reach when touch typing on a QWERTY keyboard.
Similarly, write 24 letters onto the 24 edge stickers (12 edge pieces with 2 stickers each). The center stickers remain unmarked. I drew an arrow on the white center sticker to help choose a canonical orientation, though this wasn't necessary.
I drew the letters oriented so that down is toward the center of the face they are on. They will stay in that orientation after scrambling.
Stickers, e.g., from a label maker or blank adhesive labels, might be better than permanent marker, which smears and rubs off.
Scramble the cube thoroughly; a handful of turns is not a scramble, so make a couple of dozen random turns at least. This is where using a speed cube matters, because it is much easier to scramble than a Rubik's brand cube, let alone a worse one. A speed cube feels like playing with dough or clay: the layers do not need to be well aligned before making the next turn.
Pick 1 face and read its 8 non-center stickers in a fixed order (e.g., rows top to bottom, left to right, with the cube held in the canonical orientation) as the 8 letter password. The face's 4 corner slots can hold any ordered 4 of the 8 corner pieces, each in 3 orientations, and its 4 edge slots any ordered 4 of the 12 edge pieces, each in 2 orientations, so there are Permutation(8,4) * 3^4 * Permutation(12,4) * 2^4 = 1680 * 81 * 11880 * 16, about 2.59 * 10^10, possible readings. After a thorough scramble they are all equally likely, because the cube's legality constraints (orientation sums and matching permutation parity) fall on the pieces you did not read, yielding 34.59 bits of entropy. 8 random letters from 26 would have yielded 8 * log2(26) = 37.6 bits of entropy, so the cube performs about 8% worse than that standard.
If you need more entropy, repeat the process, or better, spend another $5 and make a second password-generating cube. The latter allows having the whole 2 (or more) part passphrase in front of you while typing it. 35 bits of entropy (1 cube) ought to be plenty for a login that uses key stretching and locks out after a small number of failed attempts; it is not enough against an offline attack on a leaked password hash or an encrypted volume, where nothing stops the attacker from trying all 2^35 guesses. Reading other faces for more entropy is possible, though with diminishing returns, because the stickers are a permutation of a fixed set of pieces and are ultimately constrained by the cube's parity rules. For example, reading one middle-layer edge sticker on each of the 4 side faces draws from the 8 edge pieces not already read: Permutation(8,4) * 2^4 = 26880 readings, or 14.7 more bits of entropy, down from 4 * log2(24) = 18.3 bits if the 4 letters were drawn uniformly and independently from 24.
After recording the password (perhaps compose a memorable phrase), scramble the cube again to destroy the password on the cube. Again, having a speed cube is useful for thoroughly and quickly destroying the plaintext password.
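The procedure above, and the entropy arithmetic behind it, as a small Python model added here (this is not the post's own code). It assumes its own letter-to-sticker assignment (X and Z omitted), a fixed reading order (rows top to bottom, left to right on the up face), and a scramble made of random quarter turns; the `still_solved_fraction` check shows why a few turns are not a scramble.

```python
import math
import random
import string
from itertools import product

# Added example, not from the original post. Which letter goes on which sticker is an
# arbitrary assumption; the post only requires 24 distinct corner and 24 distinct edge letters.
LETTERS = [c for c in string.ascii_uppercase if c not in "XZ"]
UP = (0, 0, 1)  # outward normal of the face we read; centre stickers carry no letter


def solved_cube():
    """Return {(position, normal): letter} for the 48 marked stickers.
    A piece sits at (x, y, z) in {-1, 0, 1}^3; a sticker is that position plus the
    outward unit normal of the face it shows on."""
    corner_letters, edge_letters = iter(LETTERS), iter(LETTERS)
    stickers = {}
    for pos in product((-1, 0, 1), repeat=3):
        axes = [i for i, c in enumerate(pos) if c != 0]
        if len(axes) < 2:  # core or centre piece: nothing marked
            continue
        pool = corner_letters if len(axes) == 3 else edge_letters
        for a in axes:
            normal = tuple(pos[a] if i == a else 0 for i in range(3))
            stickers[(pos, normal)] = next(pool)
    return stickers


def rotate(v, axis):
    """Quarter-turn the vector v about the given coordinate axis."""
    x, y, z = v
    return ((x, -z, y), (z, y, -x), (-y, x, z))[axis]


def turn(stickers, axis, layer):
    """Quarter-turn the slice of pieces with pos[axis] == layer (layer in {-1, 1}).
    Positions and normals rotate together, so a sticker's letter keeps pointing at
    the centre of whichever face it lands on, as the post observes."""
    return {
        ((rotate(pos, axis), rotate(nrm, axis)) if pos[axis] == layer else (pos, nrm)): letter
        for (pos, nrm), letter in stickers.items()
    }


def scramble(stickers, turns, rng):
    """Apply `turns` random quarter turns (3 axes x 2 layers)."""
    for _ in range(turns):
        stickers = turn(stickers, rng.randrange(3), rng.choice((-1, 1)))
    return stickers


def read_face(stickers, normal=UP):
    """The 8 non-centre letters of one face, rows top to bottom, left to right."""
    face = [(pos, letter) for (pos, nrm), letter in stickers.items() if nrm == normal]
    face.sort(key=lambda item: (-item[0][1], item[0][0]))
    return "".join(letter for _, letter in face)


def generate_password(turns=30, seed=None):
    """Scramble a fresh cube and read the up face: the post's procedure."""
    return read_face(scramble(solved_cube(), turns, random.Random(seed)))


def face_bits(corners=4, edges=4, corner_pool=8, edge_pool=12):
    """log2 of the number of distinct readings of `corners` corner stickers and `edges`
    edge stickers drawn from pools of unread pieces: a corner sticker is fixed by piece
    and orientation (3 ways), an edge sticker likewise (2 ways). The legal-cube
    constraints are absorbed by the unread pieces, which the guard below enforces."""
    left_c, left_e = corner_pool - corners, edge_pool - edges
    if left_c < 1 or left_e < 1 or max(left_c, left_e) < 2:
        raise ValueError("too few unread pieces to absorb the cube's constraints")
    readings = math.perm(corner_pool, corners) * 3**corners * math.perm(edge_pool, edges) * 2**edges
    return math.log2(readings)


def still_solved_fraction(turns, trials=200, seed=1):
    """Share of up-face stickers still showing their solved letter after `turns`
    random quarter turns, averaged over `trials`: a thoroughness check."""
    rng = random.Random(seed)
    solved = solved_cube()
    target = read_face(solved)
    hits = sum(a == b for _ in range(trials)
               for a, b in zip(read_face(scramble(solved, turns, rng)), target))
    return hits / (8 * trials)


if __name__ == "__main__":
    print("password:", generate_password(seed=42))
    print(f"one face: {face_bits():.2f} bits (vs {8 * math.log2(26):.2f} for 8 random letters)")
    print(f"plus 4 middle-layer edge stickers: {face_bits(0, 4, 4, 8):.2f} more bits")
    for n in (1, 5, 30):
        print(f"{n:2d} turns: {still_solved_fraction(n):.2f} of face stickers unchanged")
```

`face_bits()` reproduces the 34.59 bits for one face and `face_bits(0, 4, 4, 8)` the 14.7 bits for four further edge stickers; a thoroughly scrambled cube leaves each face sticker in its solved state with probability only 1/24, which is what `still_solved_fraction(30)` approaches, whereas after one turn more than half the face is unchanged.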
A similar earlier idea: marking up a deck of cards.