From: Ben Goren <ben@Tux.Music.ASU.Edu>
To: joshua geller <joshua@cae.retix.com>
Message Hash: a09f25b3233c62fae5e764c448afdf20c583fbac8984555f30f9ff92ab6b11ac
Message ID: <Pine.3.89.9407021039.A4740-0100000@Tux.Music.ASU.Edu>
Reply To: <199407020739.AAA04202@sleepy.retix.com>
UTC Datetime: 1994-07-02 18:12:52 UTC
Raw Date: Sat, 2 Jul 94 11:12:52 PDT
Subject: Re: Password Difficulties
On Sat, 2 Jul 1994, joshua geller wrote:
> [. . .]
> > It boils down to this: I can't remember as many bits as the TLAs can
> > crack by brute force.
>
> I generally choose things like (no, this is not a real one):
>
> Rare steak tastes good when it is cooked over a wood fire. better than
> chicken. better than fish. good with worcestershire sauce.

You can improve entropy even more, and still keep it memorable, by doing
something such as the following:

Rare 513AK tastes g))d when it is c))K#D over a wood fjord.
BETTERthanCHICKEN....

Using poor or improper English--or some other language--will also help.
So now, we might have:

Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D....

You, of course, will have to be the judge of how much mutilation you can
remember.

And note that, while such changes will help with passphrases, any
sophisticated dictionary/algorithm-based password (>8 characters) cracker
will be able to guess most of them. "f43d" is no more secure than "fred."
Better to hit random keys on the keyboard or use a true random number
generator--flip a coin 56 times to get a 7-bit ASCII string, more if you
get control characters--to get your eight characters, and just force
yourself to remember it. Even something like "g&*3VkjH" is memorable--I
did use that one for a couple weeks some months ago.

Speaking of which, are there any /bin/passwd plugins that use
passphrases rather than passwords? Or should I be a good cypherpunk and
write some code?

> [. . .]
> josh
b&
--
Ben.Goren@asu.edu, Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger ben@tux.music.asu.edu for PGP 2.3a public key.
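
The coin-flip procedure described in the message above, as an added example that is not part of the original e-mail: each group of 7 flips is read as one ASCII code, and a group that decodes to a control character is thrown away and flipped again. The function names, and the choice to treat only 0x00-0x1f and 0x7f as control characters, are assumptions of this example.

```python
import math
import secrets

BITS_PER_CHAR = 7  # one 7-bit ASCII code per character, as in the message
LENGTH = 8         # eight characters: 56 flips if no group is rejected


def is_control(code):
    """Assumption of this example: control means 0x00-0x1f and DEL (0x7f)."""
    return code < 0x20 or code == 0x7F


def password_from_flips(flip, length=LENGTH):
    """Return (password, flips_used); flip() must return 0 or 1.

    A 7-flip group that decodes to a control character is discarded whole
    and flipped again, so the 95 remaining characters stay equally likely.
    """
    chars, used = [], 0
    while len(chars) < length:
        code = 0
        for _ in range(BITS_PER_CHAR):
            code = (code << 1) | flip()
            used += 1
        if not is_control(code):
            chars.append(chr(code))
    return "".join(chars), used


def usable_codes():
    """Number of 7-bit codes that survive the control-character filter."""
    return sum(1 for code in range(2 ** BITS_PER_CHAR) if not is_control(code))


def entropy_bits(length=LENGTH):
    """Entropy of the result: log2(95) per character, less than 7 bits."""
    return length * math.log2(usable_codes())


def expected_flips(length=LENGTH):
    """Average flips needed once rejected groups are counted."""
    return length * BITS_PER_CHAR * 2 ** BITS_PER_CHAR / usable_codes()


if __name__ == "__main__":
    # secrets.randbits(1) stands in for the coin (OS CSPRNG, not a PRNG).
    password, used = password_from_flips(lambda: secrets.randbits(1))
    print(repr(password), "from", used, "flips")
    print(round(entropy_bits(), 1), "bits;", round(expected_flips(), 1), "flips expected")
```

With control characters rejected, eight characters carry about 52.6 bits rather than 56, and the procedure takes about 75 flips on average.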