Unbreakable crypto: ...

Discussion in 'other security issues & news' started by lotuseclat79, Jul 19, 2012.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  3. Fox Mulder

    Fox Mulder Registered Member

    Joined:
    Jun 2, 2011
    Posts:
    203
    The easiest way to create a long, secure password is to pick a quote from your favorite author/musician/actor/politician/whatever and use the first letter of each word.

    Example:

    Quote: "We hold these truths to be self-evident, that all men are created equal"

    Turns into: whtttbsetamace

    Then maybe throw an exclamation point at the end and you'll be set.
     
  4. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Sounds good -- but don't forget that way too many sites won't accept special characters in passwords (despite their inclusion being recommended practice), and a great many do require including at least one numeric character.

    (edit) Also, many sites have a relatively narrow "window" of acceptable password length (e.g., 8-12). Might be a trick coming up with a good phrase that would generate the right length of initials.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I use a similar method. My password based on that sentence would be:

    Wh777653974m4c3

    But I wouldn't use such a famous quote ;) For LUKS passphrases, I concatenate multiple such blocks, from different sources, that tell a story. In multiple languages. Remembering 50-100 characters is easy. Each machine has an identity that changes the story slightly.
     
  6. monty22001

    monty22001 Lurker

    Joined:
    Jul 31, 2012
    Posts:
    1
    Location:
    Dallas, TX
    I'm sure eventually, if not already, rainbow tables will be around for common sayings.

    It's trivial to check for the numeric representations for letters too. For a website that you can't hit over and over it should be fine. But something that can be hit like a keepass database, I dunno..
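The point made in post 6, as an added example that is not part of the original thread: a defender-side check, of the kind a password-change form could run, that flags a password built from the initials of a listed phrase even after digit substitutions or a trailing symbol. The phrase list, the substitution table and all function names are assumptions made for this illustration.

```python
import re
import string

# Constructed sample list; a real deployment would load a far larger corpus
# of quotes, lyrics and sayings (assumption).
KNOWN_PHRASES = [
    "We hold these truths to be self-evident, that all men are created equal",
    "To be, or not to be, that is the question",
]

# Common digit/symbol-for-letter swaps. One symbol can stand for several
# letters, so each maps to a string of candidates (table is an assumption).
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "6": "bg",
        "7": "t", "8": "b", "9": "g", "@": "a", "$": "s", "!": "i"}


def acronym(phrase):
    """First letter of each word, lowercased; hyphenated words are split."""
    return "".join(w[0].lower() for w in re.findall(r"[A-Za-z][A-Za-z']*", phrase))


def matches(password, target):
    """True if password equals target once case and leet swaps are undone."""
    if len(password) != len(target):
        return False
    for p, t in zip(password.lower(), target):
        if p != t and t not in LEET.get(p, ""):
            return False
    return True


def derived_from_known_phrase(password, phrases=KNOWN_PHRASES):
    """Return the listed phrase the password was derived from, else None."""
    # Also test the password with padding such as a trailing "!" removed.
    core = password.strip(string.punctuation)
    for phrase in phrases:
        target = acronym(phrase)
        if matches(password, target) or matches(core, target):
            return phrase
    return None


if __name__ == "__main__":
    # Constructed inputs: plain initials, a leet variant, an unrelated password.
    for pw in ("whtttbsetamace!", "Wh77765374m4c3", "correcthorsebatterystaple"):
        print(pw, "->", derived_from_known_phrase(pw))
```

The cost of the check is one pass over the phrase list per password, which is why substitutions and a trailing symbol add little when the source phrase itself is on such a list.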
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I don't start with common sayings. I use a few sentences, from multiple books.
     
  8. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Common phrases should be avoided for obvious reasons. Instead, use a nonsense phrase that you construct to be memorable.

    I also find it aggravating that websites have such crazy and seemingly random password rules. Some require alphanumeric only, some allow special characters but only a special subset. Most cap the number of characters to 12 and almost none allow 20+.
    There has got to be some way to require all web developers to read this cartoon:
    http://xkcd.com/936/
     
  9. SirDrexl

    SirDrexl Registered Member

    Joined:
    Apr 14, 2012
    Posts:
    545
    Location:
    USA
    Well, I recently switched from LastPass to KeePass and decided to change all of my passwords I had stored there. There were over 120 of them and I did this within a few days, so it gave me a look at the different password rules.

    Many of them actually allowed 20 or more characters, but some had varying rules as you know. The biggest short password offender was Netflix (with only 10), and I'm pretty sure that was the only one under 14. A utility billing site capped it at 14, and that really should be longer. EA's Origin had a stated limit of 16, but only 15 worked for me. But, most of the others could go to 20 or more.
     
  10. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    SirDrexl,
    thanks for checking on specific sites.
    Most of the worst offenders for me have been banks. I did a bit of checking myself and was pleased to find a couple of banks that fixed their password policies. AMEX was the worst offender. The previous policy was 6-8 characters with a long list of invalid combinations plus zero special characters. They recently changed it to 8-20 characters but still ban special characters. The "not case sensitive" part is really very strange though.
     