Although the grid generation and formatting controls above are straightforward, the guidance provided below may be useful:
Google Chrome browser users will need to use some other (any other) web browser to print their OTG grids.
Under Chrome, the OTG grids display beautifully. And Chrome is so fast and web standards compliant that I used it extensively while developing the OTG code. But for printing? . . . it's an inexplicable failure.
For reasons that none of the hundreds of people posting and voting in open Google forums can understand, even though Google's Chrome browser is (at the time of this writing) at version 15, it remains unable to print web page background colors. This is not a small failing. It's astounding. Since I'm a fan of Google's Chrome browser project I look forward to being able to remove this entire section from this page. But I cannot do so yet. (And please DO let me know as soon as this problem is resolved!)
For additional information about printing the grid's useful background colors in other browsers, please see the appropriate section below.
How much “Grid Key Entropy” is enough? (This is an important issue, so I've given it plenty of coverage.)
The primary source of security provided by our Off The Grid (OTG) encryption system is the incredibly large number of 26x26 Latin Squares from among which your single Square will be chosen. So many Squares are possible that mathematicians armed with the latest technology do not know how many there are. They are only able to set a lower bound on the number, stating that there are at least 9.337 x 10^426 Latin Squares of size 26x26 possible. This incredibly large number makes it effectively impossible for attackers to deduce your single unique Square from among all of those possible, even when given many clues from any reasonable amount of “leakage”. (For a detailed analysis of OTG security see the “Security & Attack Analysis” page.)
The “Master Grid Key” field above is as large as it is, not because it needs to be or should be filled, but because it can be if that's your wish. Here's the deal: With SO INSANELY MANY possible Latin Squares available, the only way to “get to” all of them, is to use a pseudo-random number generator that also has an insanely large “sequence space”. Since no common pseudo-random number generators do, I had to design an ultra-high entropy pseudo-random number generator (UHEPRNG) to meet that need.
But now we need to specify which single Latin Square out of all of those that are possible, we wish to use. And the only way to do that, if we want to be able to potentially access any one of over 9.337 x 10^426 different possible Squares, is to use a “Master Grid Key” having at least as much possible entropy as our UHEPRNG can hold.
One way to think of it is, if your Master Grid Key were a single numeric digit from 0 to 9, you could generate exactly ten different Latin Squares, one for each possible numeric digit 0 to 9. So the only way to access, for example, the 10^426th Latin Square is with an input “Key” that's long enough to express a value that large.
If you press the “Generate Maximum Entropy Master Grid Key” button at the very top of this page, a key containing 1,681.88 equivalent bits of entropy — which is sufficient to specify any one of the known-possible Latin Squares — will be generated and provided to you. However, my feeling is that this is massive overkill. It's obviously impossible for any normal human being to memorize that totally random 256-character key. So if you wished to be able to re-generate your personal OTG grid at any future time, you would need to copy the key, and paste it into a file for safe keeping, or at the very least print it and hope that you can re-enter exactly the same way again.
“More” isn't always better if more is a hassle and if “less” is plenty.
The only known way to attack the OTG system is the same as with any strong cryptosystem when all other avenues have been exhausted: a “brute force” attack. “Brute forcing” the OTG system requires the attacker to step through all possible input keys, trying each one. For each key tried, the corresponding OTG grid for that key must be generated, then the resulting grid used to convert a domain name into its matching password. The practical trouble with doing that is that the creation of each OTG grid requires a truly HUGE amount of processing. Modern cryptosystems have been selected to be fast so as to minimize the overhead imposed upon the systems using them. While the usage of an existing OTG grid could be automated to be incredibly fast, the generation of each OTG grid from its key is incredibly time consuming. Consequently, attacking the OTG system with brute force grid generation will be far more computationally intensive and thus slower than attacking other modern cryptosystems, such as the AES/Rijndael cipher.
So, brute forcing the OTG system is the only apparent means of attacking it, and doing so would be much slower than brute force attacking a modern cipher such as AES/Rijndael. Now consider that a randomly chosen 128-bit key is considered entirely safe and secure for AES/Rijndael. AES/Rijndael is far faster to brute force than the OTG grid, and 128 bits of key length is regarded as ample security for it. This means that a similar randomly chosen 128-bit key would be far more secure for use by the OTG system, since trying each possible key will require so much more processing for grid generation than is required for AES/Rijndael key setup (scheduling) and encryption or decryption.
Haystacks to the Rescue!
If you're not already familiar with our “Password Haystacks” concept, for easily strengthening memorable passwords, you'll definitely want to check it out. It's relevant here because the OTG system allows you to use grid selection input passcodes of effectively any length. This means that you can bury your own memorable and manageable passphrase (or passphrases) within a far longer string of padding characters . . . and no attacker will ever have any way of knowing that's what you did.
Of course you can simply use an insane 256-character Master Grid Key if you store it in a file using copy & paste to save and recall it for any future need. But you really don't need to. If you would prefer to invent something sufficiently but comfortably long, and perhaps use some haystack-style padding to push it way out past any feasible brute forcing range, that will provide all the security necessary. Once you have enough security for total safety, more can just be a burden.
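The entropy arithmetic behind the Master Grid Key and haystack discussion above, worked through as an added example (this is not GRC's code, and the function names are hypothetical). It assumes keys are drawn from the 95 printable ASCII characters, which is the alphabet size that reproduces the 1,681.88-bit figure for a 256-character key, and it assumes the usual 26/26/10/33 character-class sizes for the haystack estimate.

```javascript
// Added example. Assumption: 95 printable ASCII characters per key position.
const PRINTABLE_ASCII = 95;
// Assumed character classes: lower, upper, digit, everything else (symbols).
const CLASSES = [[/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^A-Za-z0-9]/, 33]];

// Bits carried by a key of `length` uniformly random characters.
function randomKeyBits(length, alphabetSize = PRINTABLE_ASCII) {
  return length * Math.log2(alphabetSize);
}

// Bits needed to select one item out of mantissa * 10^exponent items.
// Computed in log space because 10^426 overflows a double.
function bitsToIndex(mantissa, exponent) {
  return Math.log2(mantissa) + exponent * Math.log2(10);
}

// Shortest uniformly random key that reaches `targetBits`.
function minLengthFor(targetBits, alphabetSize = PRINTABLE_ASCII) {
  return Math.ceil(targetBits / Math.log2(alphabetSize));
}

// Haystack-style brute-force search space, in bits, for an ASCII passphrase:
// every string of length 1..L over the classes it uses, i.e. the sum of A^k,
// which equals A * (A^L - 1) / (A - 1). This measures the work for an attacker
// who must enumerate blindly; it is not the entropy of a human-chosen phrase.
function searchSpaceBits(passphrase) {
  const len = passphrase.length;
  if (len === 0) return 0;
  const a = CLASSES.reduce((n, [re, size]) => n + (re.test(passphrase) ? size : 0), 0);
  return Math.log2(a) + len * Math.log2(a) +
         Math.log2(1 - Math.pow(a, -len)) - Math.log2(a - 1);
}

const squareBits = bitsToIndex(9.337, 426);   // lower bound quoted on the page
const padded = "Gr1d" + ".".repeat(20);       // constructed sample passphrase

console.log("bits to index 9.337 x 10^426 squares:", squareBits.toFixed(2));
console.log("256 random characters:", randomKeyBits(256).toFixed(2), "bits");
console.log("random characters needed to cover the lower bound:", minLengthFor(squareBits));
console.log("random characters needed for 128 bits:", minLengthFor(128));
console.log("search space of padded sample:", searchSpaceBits(padded).toFixed(2), "bits");
```

The 256-character key exceeds what is needed to index the known lower bound of Squares, while 20 random printable characters already pass the 128-bit mark the text compares against AES/Rijndael.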
The grid printing user interface (above) provides a carefully chosen selection of 36 very different typeface fonts for use in generating OTG grids to be printed. Any fonts having potentially confusing look-alike characters were carefully eliminated, and the variety among those remaining should satisfy anyone's taste.
However, there are attractive and useful fonts that are not available under license for web distribution, and so could not be included here. Most of these are platform-specific and are, therefore, only available on “your” platform, whether Windows, Mac, or Linux. To accommodate their use, the “User Font” option in the user-interface converts the font listing and selection control into a free-form text field where you may enter the name of the “locally-installed” font you wish to use, then click the button at the right of the field to apply your request.
Note that unavailable or misnamed fonts will not generate any errors. Instead, the system will silently substitute its default font, which is typically the serif “Times New Roman”. This should be easy to detect, since you won't see the font you were trying to obtain. Fonts installed in Windows are located in the “Fonts” folder inside the system's “Windows” directory. You can determine the exact font name to enter into the OTG User Font field, by double-clicking on your desired font file located in the Fonts directory. This will open the font in the Windows font viewer shown below:
The font's registered system name is found in the “Typeface name” field shown highlighted above.
Obtaining Custom BOLD Fonts
For the built-in fonts, bold variations are listed alongside their non-bold and other appearance variations (expanded, condensed, etc.). For user-specified fonts, emboldened variations can be obtained, when available, simply by adding the word “bold” to the font name field.
By default, web browsers (other than Opera) do not print the background colors or images appearing on web pages. Since GRC's web site uses white backgrounds, its pages will be printed correctly by web browsers that deliberately leave colored backgrounds white and unrepresented. But the OTG grid uses background coloration as a visual aid to help clarify its usage, render the grid less cluttered and increase the accuracy of its usage. All browsers will display this coloration, but most browsers need to be configured to print this helpful coloration.
To see whether your chosen web browser will print OTG grids with background images, you can use your browser's “print preview” to see what would be printed without wasting a sheet of paper. Since Google's Chrome browser refuses to print backgrounds and apparently cannot be reconfigured, you will need to use another browser for OTG grid printing. But if you are not using Chrome, and you do need to reconfigure your browser to print backgrounds, the following browser-specific instructions provide a quick reference for finding the background printing configuration settings for all major web browsers:
• Internet Explorer:
• Mozilla Firefox:
• Apple Safari:
• Opera:
• Google Chrome:
Not to beat a dead horse, (okay, perhaps we are beating it a bit) but in case you have somehow managed to miss its several mentions above, Google's Chrome web browser apparently has no option, not even a deeply hidden setting, to allow background colors or images to be printed. Fortunately, all Windows users will have a copy of Internet Explorer lurking around somewhere (even if [hopefully] rarely used), just as all Apple Mac users will have Safari available. Or, in the worst case, the free and excellent Firefox web browser could be downloaded and used. So, if only for the rare need to print an OTG grid, another non-Chrome web browser can be used.
Gibson Research Corporation is owned and operated by Steve Gibson. The contents of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP, NanoProbe, and any other indicated trademarks are registered trademarks of Gibson Research Corporation, Laguna Hills, CA, USA.