Stronger password "correcthorsebatterystaple"

Discussion in 'other security issues & news' started by Less, Apr 27, 2014.

Thread Status:
Not open for further replies.
  1. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248
    it states "correcthorsebatterystaple" is a strong password

    http://www.youtube.com/watch?v=1Sj-TeEfRxY
     
  2. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248
    is this password strong enough

    wilderswalmartforumsales
     
  3. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    687
    I wouldn't use it. No caps, no numbers, or other non-alphabetical keys. My understanding is incorporating all of those makes for the better passwords. The best are unfortunately the hardest to remember. Truly randomized.
     
  4. Wroll

    Wroll Registered Member

    Joined:
    Nov 29, 2011
    Posts:
    549
    Location:
    Italy
    Yes, it is. The longest password in the world won't protect you from a dev's stupidity, though.
     
  5. SA Jack

    SA Jack Registered Member

    Joined:
    May 25, 2008
    Posts:
    45
    This is an excellent site for learning about password strength.

    https://www.grc.com/haystack.htm

    You can try a number of combinations and see their respective strength. You can also see how strong a few common words (including the spaces between them) can not only be easy to remember, but very secure as well.

    Enjoy. -SA Jack
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Depending on the site/meter, I've had the same password example rated Medium, Strong, Very Strong.


    ----
    rich
     
  8. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    No. It is a combination of four dictionary words, and password-cracking software already incorporates this type of password in its list of attempts.
     
  9. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  10. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    25 char password is good enough, even if it's four random words.
    Just don't use one long word or something (well) known like 'SayHelloToMyLittleFriend'. Or 'correcthorsebatterystaple'.
    Use something specific, known only to you.
    Dictionary attacks don't go as far as up to having tables of all possible combinations of 4 different words, afaik.
    Some will argue that $kK#!111LLllagR0___7820RttFF is better. But it's a bitc* to remember.
    Arguably, it's stronger. Your opponent will need a kazillion kazillion lifetimes instead of just one kazillion to crack the pw.
     
  11. guest

    guest Guest

    It won't be a strong password anymore if you spam it all over the internet. Or when the service database gets hacked.

    That is what Davy Jones created password managers for.
     
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Password managers don't help for your FDE (TrueCrypt/LUKS) passphrases. Those you want to remember, and be able to plausibly forget.

    "How Candide was brought up in a beautiful castle, and how he was driven from it." might become "HCwbuiabcahhwdfi" or "HCwbuiabc#%ahhwdfi&". Even stronger is combining sentences from different works that are memorable for you.

    I doubt that any rainbow table contains such strings from every sentence in world literature.
     
  13. guest

    guest Guest

    Well, I have many things to remember so I'll forget that abbreviated sentence in the next morning. I just use an easy password as my master password and I even forgot it a few months ago. Thankfully now I remember it again.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Well, my memory isn't so great sometimes either ;) But that's the point with this approach. You don't need to remember anything except 1) it's the header on the first page of Candide, and 2) the procedure for punctuation and spaces. It's simplest to just drop them, because that's easy to remember.
     
  15. guest

    guest Guest

    I don't even remember what I posted yesterday, mirimir. My master password is supposed to be the easiest to remember (and to crack), so I make it up by creating my own words. The master password is what most people will consider a bad password. But the other passwords are much more complex. The more important the password is, the more complex it'd be. I'll need to open the database every now and then or I'll forget it again. Yeah, getting old kind of sucks lol.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    OK, I get it.

    I've been doing this for years, so I have about five strings like that, some of them 20-30 characters long. So I can have passphrases of 50-100 characters, and all I need to remember is something like "Candide Nausea Trial". In that sense, it's like the xkcd comic, except that each word gets expanded through an easy-to-recall formalism.
     
  17. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248
    my password...Good?

    ReacteAtenapPlecutIeedinG
     
  18. moontan

    moontan Registered Member

    Joined:
    Sep 11, 2010
    Posts:
    3,931
    Location:
    Québec
    there should be numbers in there as well as characters like ! ? % and such.

    you could replace E by 3 and O by 0, for example.
     
  19. SpikeyB

    SpikeyB Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    478
    Does anyone know how a password cracker works?

    If my password is "the" I can see how it can just try lots of words from a dictionary and find my password. If my password is "theface", how does it use a dictionary to find the password? "Theface" isn't a word in the dictionary.

    EDIT. Looks like this has answered my question:

    http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/1/
     
    Last edited: May 3, 2014
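
An added example, not part of any post in this thread: a rough Python estimate of why meters rate the same password differently, comparing a character-by-character brute-force model with a word-combination model that first splits the password into dictionary words (as with "theface"). The wordlist is constructed for illustration, and the dictionary size of 7776 and all function names are assumptions.

```python
import math
import string

# Constructed sample wordlist, for illustration only.
WORDS = {"correct", "horse", "battery", "staple", "the", "face",
         "wilders", "walmart", "forum", "forums", "sale", "sales"}
# Assumption: words are picked at random from a Diceware-sized list.
ASSUMED_DICT_SIZE = 7776

def segment(pw, words=WORDS):
    """Return the fewest-word split of pw into dictionary words, or None."""
    pw = pw.lower()
    best = [None] * (len(pw) + 1)  # best[i] = shortest split of pw[:i]
    best[0] = []
    for i in range(1, len(pw) + 1):
        for j in range(i):
            if best[j] is not None and pw[j:i] in words:
                cand = best[j] + [pw[j:i]]
                if best[i] is None or len(cand) < len(best[i]):
                    best[i] = cand
    return best[len(pw)]

def charset_bits(pw):
    """Brute-force model: each character drawn from the classes present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    return len(pw) * math.log2(size) if size else 0.0

def word_bits(pw, dict_size=ASSUMED_DICT_SIZE):
    """Word model: each word is one random pick from dict_size words.
    Only meaningful for randomly chosen words; a well-known phrase is
    a single guess regardless of length."""
    parts = segment(pw)
    return None if parts is None else len(parts) * math.log2(dict_size)

def estimate(pw):
    """Both estimates side by side, in bits, rounded to one decimal."""
    wb = word_bits(pw)
    return {"split": segment(pw),
            "charset_bits": round(charset_bits(pw), 1),
            "word_bits": None if wb is None else round(wb, 1)}

if __name__ == "__main__":
    for sample in ("correcthorsebatterystaple", "theface",
                   "$kK#!111LLllagR0___7820RttFF"):
        print(sample, estimate(sample))
```

The gap between the two figures for the same string is the disagreement between a meter that counts characters and one that models word lists; the lower figure is the one to plan around.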