1994-07-02 - Re: Password Difficulties

Header Data

From: Ben Goren <ben@Tux.Music.ASU.Edu>
To: joshua geller <joshua@cae.retix.com>
Message Hash: a09f25b3233c62fae5e764c448afdf20c583fbac8984555f30f9ff92ab6b11ac
Message ID: <Pine.3.89.9407021039.A4740-0100000@Tux.Music.ASU.Edu>
Reply To: <199407020739.AAA04202@sleepy.retix.com>
UTC Datetime: 1994-07-02 18:12:52 UTC
Raw Date: Sat, 2 Jul 94 11:12:52 PDT

Raw message

From: Ben Goren <ben@Tux.Music.ASU.Edu>
Date: Sat, 2 Jul 94 11:12:52 PDT
To: joshua geller <joshua@cae.retix.com>
Subject: Re: Password Difficulties
In-Reply-To: <199407020739.AAA04202@sleepy.retix.com>
Message-ID: <Pine.3.89.9407021039.A4740-0100000@Tux.Music.ASU.Edu>
MIME-Version: 1.0
Content-Type: text/plain


On Sat, 2 Jul 1994, joshua geller wrote:
> [. . .]
> >   It boils down to this: I can't remember as many bits as the TLAs can
> >   crack by brute force.
> 
> I generally choose things like (no, this is not a real one):
> 
> Rare steak tastes good when it is cooked over a wood fire. better than
> chicken. better than fish. good with worcestershire sauce.

You can improve entropy even more, and still keep it memorable, by doing 
something such as the following:

Rare 513AK tastes g))d when it is c))K#D over a wood fjord. 
BETTERthanCHICKEN....

Using poor or improper English--or some other language--will also help. 
So now, we might have:

Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D....

You, of course, will have to be the judge of how much mutilation you can 
remember.

And note that, while such changes will help with passphrases, any 
sophisticated dictionary/algorithm-based password (>8 characters) cracker 
will be able to guess most of them. "f43d" is no more secure than "fred." 
Better to hit random keys on the keyboard or use a true random number 
generator--flip a coin 56 times to get a 7-bit ASCII string, more if you 
get control characters--to get your eight characters, and just force 
yourself to remember it. Even something like "g&*3VkjH" is memorable--I 
did use that one for a couple weeks some months ago.

Speaking of which, are there any /bin/passwd plugins that use 
passphrases rather than passwords? Or should I be a good cypherpunk and 
write some code?

> [. . .]
> josh

b&
--
Ben.Goren@asu.edu, Arizona State University School of Music
 net.proselytizing (write for info): Protect your privacy; oppose Clipper.
 Voice concern over proposed Internet pricing schemes. Stamp out spamming.
 Finger ben@tux.music.asu.edu for PGP 2.3a public key.