CDR: Re: Is kerberos broken?

[sunder]

Sampo A Syreeni wrote:
> 
> >For myself, I often use as pass phrases memorized phrases from
> >literature. Which ones? Well, I read four languages, and I do the
> >number/letter and symbol/letter substitutions, so I feel secure even
> >revealing that clue.
> 
> Good for you. Most people never go to even that much trouble. But I still
> think that dictionary searches on, say, all consequtive subsequences of
> 6-200 characters in the top 100 most likely to have been read books of a

I tend to just string up lots of characters, so my passphrases look like this:

 ^#.;Odfi9 at 7f$}'~%42w0,m:Qe_|33+\  and so on.

How do you memorize this?  You break it up in chunks, memorize each chunk, then link them together.  And then you type it in a lot
of times the first few days you use it.  It's not that hard.  If you don't use it on a daily basis, the danger is in forgetting it.

Yep, most people would have a coronary before accepting the above as a passphrase.  Fuck'em.  They deserve the security they're
willing to provide themselves.

Passphrases from books are nice, but if they're all text, they're a hell of a lot easier to brute than the above.  Especially if you
have the texts in electronic form.

-- 
----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :Surveillance cameras|Passwords are like underwear. You don't /|\
  \|/  :aren't security.  A |share them, you don't hang them on your/\|/\
<--*-->:camera won't stop a |monitor, or under your keyboard, you   \/|\/
  /|\  :masked killer, but  |don't email them, or put them on a web  \|/
 + v + :will violate privacy|site, and you must change them very often.
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------