[ale] password management

Transam bob at verysecurelinux.com
Wed Jul 23 15:36:57 EDT 2003


On Wed, Jul 23, 2003 at 02:44:35PM -0400, Geoffrey wrote:
> J.M. Taylor wrote:

> >Let's take any string that's common to any set of passwords (i.e., some
> >systems use the username as a salt, or some such), my question is more --
> >does it matter in a brute-force or even educated-guess type attack?  Or is
> >the complexity of
> >secret_thing<concat>special_characters<concat>common_string<concat>month
> >enough to foil those kinds of attacks? It certainly *seems* safer than me
> >making up a longish random password that I have to write down until it's
> >memorized...

> My approach is to think of a sentence, then use the first character of 
> each word in the sentence.  I then throw in some punctuation, followed 
> by something that links it to that machine. Sometimes I'll mix 
> characters for words (u for you..). Granted, I don't have 100s of 
> passwords.  But it works for me and might be a start.  For example, I 
> used to use the following for the BIOS password on my first Pentium box:

You'd want at least 10 characters for routine use.  15 letters would be
much better.  My "strong" passwords are longer than that and non-trivial.

> Uwngt1!p200

> You will never guess this one


> You == U, one == 1, p200 the speed of that processor.

> >-- Richard Feynman, "Surely You're Joking, Mr. Feynman!"

> Excellent book!
Excellent book!

> -- 
> Until later: Geoffrey		esoteric at 3times25.net

> The latest, most widespread virus?  Microsoft end user agreement.
> Think about it...
Bob
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale