On Sat, 2 Jul 1994, joshua geller wrote:
[. . .]
It boils down to this: I can't remember as many bits as the TLAs can crack by brute force.
I generally choose things like (no, this is not a real one):
Rare steak tastes good when it is cooked over a wood fire. better than chicken. better than fish. good with worcestershire sauce.
You can improve entropy even more, and still keep it memorable, by doing something such as the following:

Rare 513AK tastes g))d when it is c))K#D over a wood fjord. BETTERthanCHICKEN....

Using poor or improper English--or some other language--will also help. So now, we might have:

Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D....

You, of course, will have to be the judge of how much mutilation you can remember.

And note that, while such changes will help with passphrases, any sophisticated dictionary/algorithm-based password (>8 characters) cracker will be able to guess most of them. "f43d" is no more secure than "fred." Better to hit random keys on the keyboard or use a true random number generator--flip a coin 56 times to get a 7-bit ASCII string, more if you get control characters--to get your eight characters, and just force yourself to remember it. Even something like "g&*3VkjH" is memorable--I did use that one for a couple weeks some months ago.

Speaking of which, are there any /bin/passwd plugins that use passphrases rather than passwords? Or should I be a good cypherpunk and write some code?
[. . .] josh
b&

--
Ben.Goren@asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben@tux.music.asu.edu for PGP 2.3a public key.
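
The coin-flip procedure from the message above (56 flips for eight 7-bit ASCII characters, flipping again when a control character comes up), as an added example that is not part of the original post. The function names are assumptions, and Python's `secrets` module stands in for the physical coin; the block also works out what the re-flipping costs in flips and in entropy.

```python
import math
import secrets

BITS_PER_CHAR = 7   # 7-bit ASCII, as in the message
LENGTH = 8          # eight characters, so 56 flips at minimum


def is_control(code):
    """ASCII control characters: 0x00-0x1F and DEL (0x7F)."""
    return code < 0x20 or code == 0x7F


def password_from_flips(flip, length=LENGTH):
    """Build a password from a flip() callable that returns 0 or 1.

    Returns (password, flips_used). A 7-flip group that decodes to a
    control character is discarded whole and flipped again, which keeps
    the surviving characters uniformly distributed. Space (0x20) is kept,
    since the message excludes only control characters.
    """
    chars, used = [], 0
    while len(chars) < length:
        code = 0
        for _ in range(BITS_PER_CHAR):
            code = (code << 1) | (flip() & 1)
            used += 1
        if not is_control(code):
            chars.append(chr(code))
    return "".join(chars), used


def usable_symbols():
    return sum(1 for c in range(2 ** BITS_PER_CHAR) if not is_control(c))


def entropy_bits(length=LENGTH):
    """Entropy of the result: below 56 bits because 33 codes are rejected."""
    return length * math.log2(usable_symbols())


def expected_flips(length=LENGTH):
    """Average number of flips needed once re-flips are counted."""
    return length * BITS_PER_CHAR * 2 ** BITS_PER_CHAR / usable_symbols()


def coin():
    return secrets.randbits(1)   # CSPRNG stand-in for a fair coin


if __name__ == "__main__":
    pw, used = password_from_flips(coin)
    print(f"{pw!r} from {used} flips (expected about {expected_flips():.1f})")
    print(f"entropy: {entropy_bits():.2f} bits")
```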