Re: Password Difficulties
On Sat, 2 Jul 1994, Eli Brandt wrote:
> > It boils down to this: I can't remember as many bits as the TLAs can
> > crack by brute force.
>
> Have you *tried* to memorize these long passphrases? I pick ones that
> are substantially too complex for me to memorize in one trial. So I
> write the candidate passphrase on paper until I have a grasp on it,
> then burn the paper, scatter the ashes (yes, literally), and begin to
> use the passphrase. My experience is that once I've successfully
> remembered a phrase two or three times, I will not forget it.
> ...
I have actually tried memorizing truly random passwords of 8 characters
or longer (generated with a paranoid program similar to PGP 2.6's
excellent technique). I've found that if I review it enough, I find
patterns and mnemonic clues in such passwords that help me to remember
them. I don't imagine too many people will go through that effort, so I
still think that a longer pass phrase that sort of "makes sense" is
better for a PGP key. Still, I do use the truly random passwords on
publicly accessible Unix systems like CSN, since that makes dictionary
attacks improbable.