Re: Password Difficulties
On Sat, 2 Jul 1994, joshua geller wrote:
> [. . .]
> > It boils down to this: I can't remember as many bits as the TLAs can
> > crack by brute force.
>
> I generally choose things like (no, this is not a real one):
>
> Rare steak tastes good when it is cooked over a wood fire. better than
> chicken. better than fish. good with worcestershire sauce.

You can improve entropy even more, and still keep it memorable, by doing
something such as the following:

Rare 513AK tastes g))d when it is c))K#D over a wood fjord.
BETTERthanCHICKEN....

Using poor or improper English--or some other language--will also help.
So now, we might have:

Viva dA5 bu0n) Rare 513AK tastes w3#l it when 15 c))k#D....

You, of course, will have to be the judge of how much mutilation you can
remember.

And note that, while such changes will help with passphrases, any
sophisticated dictionary/algorithm-based password (>8 characters) cracker
will be able to guess most of them. "f43d" is no more secure than "fred."
Better to hit random keys on the keyboard or use a true random number
generator--flip a coin 56 times to get a 7-bit ASCII string, more if you
get control characters--to get your eight characters, and just force
yourself to remember it. Even something like "g&*3VkjH" is memorable--I
did use that one for a couple weeks some months ago.

Speaking of which, are there any /bin/passwd plugins that use
passphrases rather than passwords? Or should I be a good cypherpunk and
write some code?

> [. . .]
> josh
b&
--
[email protected], Arizona State University School of Music
net.proselytizing (write for info): Protect your privacy; oppose Clipper.
Voice concern over proposed Internet pricing schemes. Stamp out spamming.
Finger [email protected] for PGP 2.3a public key.
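
The coin-flip procedure described in the message above, as an added example that is not part of the original post: seven flips make one 7-bit ASCII code, and control characters are thrown away and re-flipped. The function names, the choice to accept codes 0x20 through 0x7E, and the use of Python's `secrets` module as a stand-in for a physical coin are assumptions of this example. Because 33 of the 128 codes are discarded, the resulting eight characters carry about 52.6 bits rather than the full 56.

```python
import math
import secrets
from typing import Iterator, Tuple

ACCEPTED = 0x7E - 0x20 + 1  # 95 printable 7-bit ASCII codes (assumption: space allowed)


def coin_flips() -> Iterator[int]:
    """Endless fair coin flips from the OS CSPRNG (stand-in for a real coin)."""
    while True:
        yield secrets.randbits(1)


def password_from_flips(flips: Iterator[int], length: int = 8) -> Tuple[str, int]:
    """Build a password from coin flips; return (password, number of flips used)."""
    chars = []
    used = 0
    while len(chars) < length:
        code = 0
        for _ in range(7):              # 7 flips -> one 7-bit ASCII code
            code = (code << 1) | next(flips)
            used += 1
        if 0x20 <= code <= 0x7E:        # discard control characters and DEL, flip again
            chars.append(chr(code))
    return "".join(chars), used


def entropy_bits(length: int = 8) -> float:
    """Entropy of the result: each kept character is uniform over 95 codes."""
    return length * math.log2(ACCEPTED)


def expected_flips(length: int = 8) -> float:
    """Average flips needed: each 7-flip group is kept with probability 95/128."""
    return 7 * length * 128 / ACCEPTED


if __name__ == "__main__":
    pw, used = password_from_flips(coin_flips())
    print(f"password: {pw!r}  flips used: {used}")
    print(f"entropy: {entropy_bits():.2f} bits, expected flips: {expected_flips():.1f}")
```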