From: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
To: Eli Brandt <gedora!uunet!jarthur.cs.hmc.edu!ebrandt@uunet.uu.net>
Message Hash: de11ebed9ee660b4e3aa30e8774c3d87cc74036d6351460f7f19d8a414472a77
Message ID: <Pine.3.89.9407051145.D3813-0100000@gedora>
Reply To: <9407022117.AA06795@toad.com>
UTC Datetime: 1994-07-05 18:15:21 UTC
Raw Date: Tue, 5 Jul 94 11:15:21 PDT
Subject: Re: Password Difficulties
MIME-Version: 1.0
Content-Type: text/plain
On Sat, 2 Jul 1994, Eli Brandt wrote:
> > It boils down to this: I can't remember as many bits as the TLAs can
> > crack by brute force.
>
> Have you *tried* to memorize these long passphrases? I pick ones that
> are substantially too complex for me to memorize in one trial. So I
> write the candidate passphrase on paper until I have a grasp on it,
> then burn the paper, scatter the ashes (yes, literally), and begin to
> use the passphrase. My experience is that once I've successfully
> remembered a phrase two or three times, I will not forget it.
> ...
I have actually tried memorizing truly random passwords of 8 characters
or longer (generated with a paranoid program similar to PGP 2.6's
excellent technique). I've found that if I review it enough, I find
patterns and mnemonic clues in such passwords that help me to remember
them. I don't imagine too many people will go through that effort, so I
still think that a longer pass phrase that sort of "makes sense" is
better for a PGP key. Still, I do use the truly random passwords on
publicly accessible Unix systems like CSN, since that makes dictionary
attacks improbable.