Reconstructing the past to crack your passwords
I successfully managed to remember a passphrase I feared I had forgotten forever. The systematic approach that I followed is laid out here.
When I chose a passphrase to secure my secret OpenPGP key, I went for an unconventional phrase. I thought it to be so sticky that I would never forget it. However, an entire month went by without me needing the passphrase, which didn’t allow my neural network to reinforce the memory. The passphrase was lost. Recreating one was an option I didn’t want to consider.
A couple of hints greatly reduced the number of permutations in question:
- How the passphrase began and ended
- The structure of the passphrase
To remember a past secret, the goal is to enter the same mindset you had back then and to think about new passphrases. Because you are still the same person, the probability that you are going to come up with the same options as before is very high. The closer you are in time to the event when you created the passphrase, the higher the probability of recreating the same passphrase. This is due to our environment shaping our thoughts over time: the less time has passed, the less you have changed as a person.
So I reconstructed the situation I was in when I first created the passphrase, physically and mentally. For me, it meant sitting in my usual chair, working on the same computer, in front of the same screen, with the desk in similar condition. I went through my browser history to figure out what I was thinking of when I created the passphrase. I wrote each possible string on a sheet of paper (with the same pen), even when I knew that it couldn’t be the right one. One string led me to the next one, until I recreated the correct passphrase. It took me two hours in total: an hour and a half on one evening and another half an hour the next day. Sleeping on it can have surprising effects!