Password Difficulties

Ben Goren ben at Tux.Music.ASU.Edu
Sat Jul 2 11:12:52 PDT 1994


On Sat, 2 Jul 1994, joshua geller wrote:
> [. . .]
> >   It boils down to this: I can't remember as many bits as the TLAs can
> >   crack by brute force.
> 
> I generally choose things like (no, this is not a real one):
> 
> Rare steak tastes good when it is cooked over a wood fire. better than
> chicken. better than fish. good with worcestershire sauce.

You can improve entropy even more, and still keep it memorable, by doing 
something such as the following:

Rare 513AK tastes g))d when it is c))K#D over a wood fjord. 
BETTERthanCHICKEN....

Using poor or improper English--or some other language--will also help. 
So now, we might have:

Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D....

You, of course, will have to be the judge of how much mutilation you can 
remember.

And note that, while such changes will help with passphrases, any 
sophisticated dictionary/algorithm-based password (>8 characters) cracker 
will be able to guess most of them. "f43d" is no more secure than "fred." 
Better to hit random keys on the keyboard or use a true random number 
generator--flip a coin 56 times to get a 7-bit ASCII string, more if you 
get control characters--to get your eight characters, and just force 
yourself to remember it. Even something like "g&*3VkjH" is memorable--I 
did use that one for a couple weeks some months ago.

Speaking of which, are there any /bin/passwd plugins that use 
passphrases rather than passwords? Or should I be a good cypherpunk and 
write some code?

> [. . .]
> josh

b&
--
Ben.Goren at asu.edu, Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger ben at tux.music.asu.edu for PGP 2.3a public key.
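
The coin-flip procedure described in the message above, as an added example that is not part of the original post. The function names are hypothetical, the space character is assumed to be acceptable, and Python's `secrets` module stands in for the physical coin.

```python
import math
import secrets

# Assumption: codes 0x20-0x7E (space through '~') are acceptable; 0x00-0x1F and
# 0x7F are the control characters that cost extra flips.
PRINTABLE = range(0x20, 0x7F)

def flips_to_password(flips, length=8):
    """Turn coin flips (0/1) into a password, 7 flips per character.

    A 7-bit value that lands on a control character is thrown away and
    re-flipped, which keeps the remaining characters uniformly distributed.
    Returns (password, flips_used).
    """
    it = iter(flips)
    chars, used = [], 0
    while len(chars) < length:
        code = 0
        for _ in range(7):
            bit = next(it, None)
            if bit not in (0, 1):
                raise ValueError("ran out of flips or got a non-binary value")
            code = (code << 1) | bit
            used += 1
        if code in PRINTABLE:
            chars.append(chr(code))
    return "".join(chars), used

def csprng_flips():
    """Endless stream of fair flips from the OS CSPRNG (stand-in for a real coin)."""
    while True:
        yield secrets.randbits(1)

def entropy_bits(length=8):
    """Entropy of the result: log2(95) bits per character, not the full 7."""
    return length * math.log2(len(PRINTABLE))

def expected_flips(length=8):
    """Average flips needed once rejected control characters are counted."""
    return length * 7 * 128 / len(PRINTABLE)

if __name__ == "__main__":
    password, used = flips_to_password(csprng_flips())
    print(f"{password!r}: {used} flips, {entropy_bits():.1f} bits of entropy")
    print(f"expected flips for 8 characters: {expected_flips():.1f}")
```

Discarding control characters means eight characters carry about 52.6 bits rather than 56, and take about 75 flips on average.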

More information about the cypherpunks-legacy mailing list