Stronger password "correcthorsebatterystaple"

it states "correcthorsebatterystaple" is a strong password

http://www.youtube.com/watch?v=1Sj-TeEfRxY

 

is this password strong enough

wilderswalmartforumsales

 

I wouldn't use it. No caps, no numbers, or other non alphabetical keys. My understanding is incorporating all of those make for the better passwords. The best are unfortunately the hardest to remember. Truly randomized.

 

Yes, it is. The longest password in the world won't protect you from a dev stupidity, though.

 

This is an excellent site in learning about password strength.

https://www.grc.com/haystack.htm

You can try a number of combinations and see their respective strength. You can also see how strong a few common words (including the spaces between them) can not only be easy to remember, but very secure as well.

Enjoy. -SA Jack

 

Diceware strong master password generation method.

@SA Jack: Unfortunately, Mr. Gibson is demonstrably wrong in that article. See Those meters that rate password strength work, until they don't for more details.

 

Depending on the site/meter, I've had the same password example rated Medium, Strong, Very Strong.


----
rich

 

No. It is a combination of four dictionary words and password crackers software already incorporate this type of passwords in their list of attempts.

 

Diceware passwords now need six random words to thwart hackers

 

25 char password is good enough, even if it's four random words.
Just don't use one long word or something (well) known like 'SayHelloToMyLittleFriend'. Or 'correcthorsebatterystaple'.
Use something specific, known only to you.
Dictionary attacks don't go as far as up to having tables of all possible combinations of 4 different words, afaik.
Some will argue that $kK#!111LLllagR0___7820RttFF is better. But it's a bitc* to remember.
Arguably, it's stronger. Your opponent will need a kazillion kazillion livetimes instead of just one kazillion to crack the pw.

 

It won't be a strong password anymore if you spam it all over the internet. Or when the service database got hacked.

That is what Davy Jones created password managers for.

 

Password managers don't help for your FDE (TrueCrypt/LUKS) passphrases. Those you want to remember, and be able to plausibly forget.

"How Candide was brought up in a beautiful castle, and how he was driven from it." might become "HCwbuiabcahhwdfi" or "HCwbuiabc#%ahhwdfi&". Even stronger is combining sentences from different works that are memorable for you.

I doubt that any rainbow table contains such strings from every sentence in world literature.

 

Well, I have many things to remember so I'll forget that abbreviated sentence in the next morning. I just use an easy password as my master password and I even forgot it a few months ago. Thankfully now I remember it again.

 

Well, my memory isn't so great sometimes either But that's the point with this approach. You don't need to remember anything except 1) it's the header on the first page of Candide, and 2) the procedure for punctuation and spaces. It's simplest to just drop them, because that's easy to remember.

 

I don't even remember what I posted yesterday, mirimir. My master password is supposed to be the easiest to remember (and to crack), so I make it up by creating my own words. The master password is what most people will consider as a bad password. But for other passwords they are much more complex. The more important the password is the more complex it'd be. I'll need to open the database every now and then or I'll forget it again. Yeah, getting old is kind of sucks lol.

 

OK, I get it.

I've been doing this for years, so I have about five strings like that, some of them 20-30 characters long. So I can have passphrases of 50-100 characters, and all I need to remember is something like "Candide Nausea Trial". In that sense, it's like the xkcd comic, except that each word gets expanded through an easy-to-recall formalism.

 

my password...Good?

ReacteAtenapPlecutIeedinG

 

there should be numbers in there as well as characters like ! ? % and such.

you could replace E by 3 and O by 0, for example.

 

Does anyone know how a password cracker works.

If my password is "the" I can see how it can just try lots of words from a dictionary and find my password. If my password is "theface" how does it use a dictionary to find the password. "Theface" isn't a word in the dictionary.

EDIT. Looks like this has answered my question:

http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/1/