Password Creation and Security

Discussion in 'Technical' started by Clyde, Aug 18, 2005.


  1. Clyde

    Clyde Jet Set Tourer Administrator Founding Member

    I have been asked in the past how to make a password that is difficult for someone to figure out, but not so difficult that you can't remember it. It is actually quite simple.

    Start with a sentence or song verse you can remember:

    Rudolph the Red Nosed Reindeer had a very shiny nose becomes

    rudolphtherednosedreindeerhadaveryshinynose

    Then you start making changes over time (years) to make it more complicated for someone to figure it out. These changes do not change the verse, just what the letters look like:

    R's will become + signs while o will become @

    +ud@lphthe+edn@sed+eindee+hadave+shinyn@se

    Then you can continue to make changes (over time) and even add another verse to make it more difficult. Here U's become [, e becomes 3, s becomes 7 and e becomes %, and I add another line (and if you ever saw it you would even say it glows):

    +[d@lphth%+3dn@7%d+d%%+hadav%+7hinyn@7%andify@u%v%+7awhimyo[w@[ld%v%n7ayitgl@w7

    That is about a 72 character password that has 256 different possible characters for each letter. Good luck to even the best computers to figure that one out.

    The trick is to only make one small change and start small. My current password for things I don't want anyone to see is 37 characters/letters/symbols/numbers long. I make about 1 change a month. Perhaps a new word. Change one letter, etc.

    You have 256 potential characters on your keyboard. By doing this, you are creating an encrypted password for your password.

    Also, never write the password down. You have to memorize it.
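    The sentence-plus-substitution method from the post above, as an added example (this is not Clyde's code, and the verse and rule sets are constructed to match his post, not real passwords). The script applies the rule sets over the verse the way the post does, shows that the rules can be stripped again by anyone who guesses them, and puts the post's per-character count (256 symbols per position) next to the number of variants a cracker that already knows the verse has to try; the name of each rule set and the assumption that "e" maps to a single symbol are mine.

```python
"""Added example (not from the post): the sentence-plus-substitution method
from post 1 as a small script. BASE and the rule sets are constructed to
match the post; the verse is not a real password."""
import math

# Constructed sample: post 1's verse with the spaces removed.
BASE = "rudolphtherednosedreindeerhadaveryshinynose"

# Substitution rules as the post applies them over time (letter -> symbol).
RULES_V1 = {"r": "+", "o": "@"}
RULES_V2 = {"r": "+", "o": "@", "u": "[", "e": "%", "s": "7"}  # assumed: e -> % only


def apply_rules(phrase: str, rules: dict) -> str:
    """Rewrite every rule letter in the phrase; letters without a rule stay."""
    return "".join(rules.get(ch, ch) for ch in phrase)


def strip_rules(candidate: str, rules: dict) -> str:
    """Invert the rules. Because each rule is a fixed one-to-one swap, anyone
    who guesses the rule set recovers the original verse."""
    inverse = {sym: ch for ch, sym in rules.items()}
    return "".join(inverse.get(ch, ch) for ch in candidate)


def naive_bits(password: str, alphabet_size: int = 256) -> float:
    """Search-space size in bits if every position were an independent,
    uniformly chosen character from an alphabet of alphabet_size symbols
    (the way the post counts it)."""
    return len(password) * math.log2(alphabet_size)


def rule_guesses(rules: dict) -> int:
    """Number of variants a cracker that already knows the verse must try when
    it guesses the rule set: each rule is either applied or not."""
    return 2 ** len(rules)


if __name__ == "__main__":
    for rules in (RULES_V1, RULES_V2):
        pw = apply_rules(BASE, rules)
        assert strip_rules(pw, rules) == BASE
        print(pw)
        print(f"  naive: {naive_bits(pw):.0f} bits; "
              f"variants if verse known: {rule_guesses(rules)}")
```

    The two numbers printed per rule set are the point: the 256-per-position figure assumes every position is independent, while the verse itself is a single guess for anyone who thinks to try song lyrics, and the substitutions add only one yes/no choice per rule on top of that.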
     
  2. ghostrider

    ghostrider Resident Poltergeist Founding Member

    People that can't remember passwords, or who have to have several that change every 90 days, I steer toward "one hand" passwords. Look at your keyboard:
    uiop0)
    uiop[]
    asdf1!
    qwerty1!.
    As Clyde points out, to change one thing, move to the next character.
    qwerty2@
    qwerty3#
     
  3. TLynn

    TLynn Monkey+++ Moderator Emeritus Founding Member

    ghost - that's a good thought (because I have to change 2 passwords at work every 90 days); unfortunately, though, they won't let me do that. They've got to be more different than that.

    On the other hand some of my passwords are so out there that if anybody figures them out - more power to them.

    My passwords this time around are 18 or 19 characters long including one number plus some form of other character /\+- etc.

    And I never write down my passwords. Not for work, or home, banking or anything. And none of them are the same.

    Someday it's going to bite me in the posterior though...because I'm going to run out of things I can actually remember.
     
  4. E.L.

    E.L. Moderator of Lead Moderator Emeritus Founding Member

    I know the feeling, TLynn. I have about ten to twelve passwords for work that I use daily, and others that I use less frequently. Between PINs for bank/credit cards, the Gov. phone card, e-mail accounts, etc. etc. etc., it is all getting to be too much. I even have another password for my training/coursework, and to get to it I have to go through four others. When does the madness end?
     
  5. melbo

    melbo Hunter Gatherer Administrator Founding Member

    biometric chip
     
  6. Aptus

    Aptus Monkey+++ Founding Member

    I like the very first password concept from Clyde. However, qwerty and uiop are bad choices because they are easy for dictionary-hacking programs to guess. Basically, it's good to make a pattern on your keyboard that you can memorize; just don't use something as easy as qwerty. Also, numbers tacked onto the end don't do much good. They need to be intermixed, and try to get a few special characters (! @ # $ % etc.) in there as well.

    For a much better explanation on creating very strong passwords, I like the article at http://www.princeton.edu/~protect/BasicConceptsAndTips/Passwords/StrongPasswordTechniques.shtml which ties in well with Clyde's concept. Be sure to check out the links on the top of the page for more password information.
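    A check for the weakness Aptus raises about the "one hand" passwords in ghostrider's post, as an added example (not from either poster): it scores how much of a password is a path across neighbouring keys, which is the pattern a cracker's keyboard-walk wordlist enumerates. The US QWERTY row layout is constructed here, the "key above or below counts as adjacent" rule ignores the row stagger, and the 0.7 threshold is an assumed cut-off.

```python
"""Added example (not from the thread): a keyboard-walk check for the
"one hand" passwords of post 2, which post 6 says dictionary crackers guess
easily. The row layout is a US QWERTY keyboard; the threshold is assumed."""

# US QWERTY rows, unshifted and shifted, left to right (constructed).
ROWS = [
    ("`1234567890-=", "~!@#$%^&*()_+"),
    ("qwertyuiop[]\\", "QWERTYUIOP{}|"),
    ("asdfghjkl;'", 'ASDFGHJKL:"'),
    ("zxcvbnm,./", "ZXCVBNM<>?"),
]

# char -> (row, column); shifted and unshifted share a column (1 and ! are one key).
KEYPOS = {}
for row, (plain, shifted) in enumerate(ROWS):
    for col, (p, s) in enumerate(zip(plain, shifted)):
        KEYPOS[p] = (row, col)
        KEYPOS[s] = (row, col)


def adjacent(a: str, b: str) -> bool:
    """True if b is the same key as a, its neighbour in the row, or the key
    above/below it (row stagger ignored, which slightly overcounts)."""
    if a not in KEYPOS or b not in KEYPOS:
        return False
    (ra, ca), (rb, cb) = KEYPOS[a], KEYPOS[b]
    return abs(ra - rb) <= 1 and abs(ca - cb) <= 1


def walk_score(password: str) -> float:
    """Fraction of consecutive character pairs that sit on adjacent keys."""
    if len(password) < 2:
        return 0.0
    hits = sum(adjacent(a, b) for a, b in zip(password, password[1:]))
    return hits / (len(password) - 1)


def is_keyboard_walk(password: str, threshold: float = 0.7) -> bool:
    """Flag passwords that are mostly a path across the keyboard."""
    return walk_score(password) >= threshold


if __name__ == "__main__":
    for pw in ("uiop0)", "uiop[]", "asdf1!", "qwerty1!", "qwerty2@",
               "+ud@lphthe+edn@sed+eindee+hadave+shinyn@se"):
        print(f"{pw:45s} walk={walk_score(pw):.2f} flagged={is_keyboard_walk(pw)}")
```

    Every example from ghostrider's post scores 0.8 or higher, and the "change one thing" step of moving from 1! to 2@ keeps the score where it was, since both are one key away from the previous one; Clyde's substituted verse scores well under 0.3.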
     
  7. monkeyman

    monkeyman Monkey+++ Moderator Emeritus Founding Member

    One of the things I like to do is study a bit of linguistics and learn at least a little of some various dead languages, like say Apache, Gaelic, Saxon, etc., and then spell words from those languages phonetically. Granted, a program that goes through all kinds of random stuff to find it will still defeat it, but if they are that dedicated there isn't a whole lot you can do other than having sensitive info stored in ways totally inaccessible to the web.
     
  8. Brokor

    Brokor Live Free or Cry Moderator Site Supporter+++ Founding Member

    I use ancient Egyptian and mystical phrases, spelled out in Hebrew to English.

    Ain't gonna crack that.
     
  9. melbo

    melbo Hunter Gatherer Administrator Founding Member

    The thing about passwords and encryption is that they are still crackable in a few minutes using a supercomputer and brute force.

    Even the longest passwords and encryption algorithms can be solved. The only "unbreakable" codes (in fact, steer wide of any crypto application which advertises itself as unbreakable) are one-time pads. OTPs are very tedious to create and use. And you cannot normally use a PC to make them, because even random number generators still tend to be unrandom. Makes sense, because all PC functions are math, which is very unrandom.

    This project is truly random, as it takes random atmospheric noise from space and turns it into numbers:
    http://www.random.org/nform.html

    You can also use a coin or dice to create 'random numbers'

    I'm an advocate of strong encryption. But you need to be aware that it is not unbreakable. The reason I often stress this is that many times encryption or a strong password creates a false sense of security.

    Then again, are you ever going to be subject to an NSA Cray trying to get into your system? Probably not, and I suspect they have backdoors into most things anyway that make the brute force attack unnecessary.
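    A one-time pad keyed from dice rolls, as melbo's post suggests, added here as an example (not melbo's code). The block turns d6 rolls into key bytes without bias (two rolls give a value 0 to 35; 32 to 35 are thrown away rather than reduced modulo 32, which would skew the key), and the pad object refuses the two mistakes that break an OTP in practice: a key shorter than the message and a key used twice. The roll sequence and messages are constructed; the OS CSPRNG in the demo only stands in for a longer dice session.

```python
"""Added example (not from the post): a one-time pad whose key comes from
dice rolls, as post 9 suggests. Roll values and messages are constructed."""
import secrets


def dice_to_bytes(rolls, n_bytes: int) -> bytes:
    """Convert d6 rolls (1..6) into n_bytes of unbiased key material.
    Two rolls form a base-6 value 0..35; values 32..35 are rejected so the
    remaining 32 outcomes map uniformly onto 5 bits (rejection sampling)."""
    bits = []
    for a, b in zip(rolls[0::2], rolls[1::2]):
        if not (1 <= a <= 6 and 1 <= b <= 6):
            raise ValueError("d6 rolls must be 1..6")
        v = (a - 1) * 6 + (b - 1)          # 0..35, uniform if the dice are fair
        if v >= 32:
            continue                        # reject and roll again
        bits.extend((v >> i) & 1 for i in range(4, -1, -1))
        if len(bits) >= 8 * n_bytes:
            break
    if len(bits) < 8 * n_bytes:
        raise ValueError("not enough rolls for the requested key length")
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, 8 * n_bytes, 8))


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR each message byte with the key byte at the same position."""
    return bytes(d ^ k for d, k in zip(data, key))


class OneTimePad:
    """A pad that refuses a key shorter than the message and a key used twice."""

    def __init__(self, key: bytes):
        self._key = key
        self._used = False

    def encrypt(self, message: bytes) -> bytes:
        if self._used:
            raise RuntimeError("pad already used; reuse turns it into a two-time pad")
        if len(message) > len(self._key):
            raise ValueError("key must be at least as long as the message")
        self._used = True
        return xor_bytes(message, self._key)

    def decrypt(self, ciphertext: bytes) -> bytes:
        # The receiving side holds its own copy of the same pad.
        return xor_bytes(ciphertext, self._key)


if __name__ == "__main__":
    # Constructed roll sequence; enough pairs to survive rejections for 4 bytes.
    rolls = [3, 5, 1, 2, 6, 6, 2, 4, 4, 1, 5, 3, 1, 6, 2, 2, 3, 3, 6, 1]
    key = dice_to_bytes(rolls, 4)
    ct = OneTimePad(key).encrypt(b"meet")
    assert OneTimePad(key).decrypt(ct) == b"meet"
    # For a longer message the OS CSPRNG stands in for a very long dice session.
    msg = b"one key byte per message byte, used once"
    key2 = secrets.token_bytes(len(msg))
    print(OneTimePad(key2).decrypt(OneTimePad(key2).encrypt(msg)))
```

    The cost the post mentions is visible in the numbers: each accepted pair of rolls yields 5 bits, and one pair in nine is thrown away, so a 40-byte message needs roughly 144 rolls of key that must then be shared with the other side and never used again.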
     
  10. Quigley_Sharps

    Quigley_Sharps The Badministrator Administrator Founding Member

    Good info, guys. I like using songs and guitar chords and notes to songs.
    Every one of them is a part of a song.
     
  11. melbo

    melbo Hunter Gatherer Administrator Founding Member

    Ok
    :D Mr. Plays Guitar to the Login Screen....
     
  12. Quigley_Sharps

    Quigley_Sharps The Badministrator Administrator Founding Member

     