Re: Password Difficulties





On Sat, 2 Jul 1994, Eli Brandt wrote:

> > It boils down to this: I can't remember as many bits as the TLAs can
> > crack by brute force.
> 
> Have you *tried* to memorize these long passphrases?  I pick ones that
> are substantially too complex for me to memorize in one trial.  So I
> write the candidate passphrase on paper until I have a grasp on it,
> then burn the paper, scatter the ashes (yes, literally), and begin to
> use the passphrase.  My experience is that once I've successfully
> remembered a phrase two or three times, I will not forget it.
> ... 

I have actually tried memorizing truly random passwords of 8 characters 
or longer (generated with a paranoid program similar to PGP 2.6's 
excellent technique).  I've found that if I review it enough, I find 
patterns and mnemonic clues in such passwords that help me to remember 
them.  I don't imagine too many people will go through that effort, so I 
still think that a longer pass phrase that sort of "makes sense" is 
better for a PGP key.  Still, I do use the truly random passwords on 
publicly accessible Unix systems like CSN, since that makes dictionary 
attacks improbable.