xisto Community
dserban

Choosing An Extremely Secure Password - Examples


If you are good at remembering very long, very cryptic alphanumeric passwords, this article is not for you.

For the rest of us mere mortals, here is a method for choosing extremely secure passwords that you don't need to actually remember - you only need to remember some patterns for generating passwords that you and only YOU know.

In this example I am using two command line utilities that come bundled with any Linux distribution. I'm running Windows XP, so these are the cygwin counterparts:

 

# echo "appserver" | md5sum | md5sum
707c3d6c4e93e43ba03bf0a5ef3a605a *-
#

a) Leading six characters of host name, spaced out
b) Trailing six characters of MD5 sum above, spaced out

a)    a p p s e r
b)     3 a 6 0 5 a

c) Your password to connect to the machine called "appserver": a3pap6s0e5ra

# crypt appserver | crypt - | crypt -
Zmct2/xG/czm6
#

a) Leading six characters of host name, spaced out
b) Trailing six characters of crypt hash above, spaced out

a)    a p p s e r
b)     G / c z m 6

c) Your password to connect to the machine called "appserver": aGp/pcszemr6

# echo "dbserver" | md5sum | md5sum
6b0828ab640ffb600892468b97762fef *-
#
# crypt dbserver | crypt - | crypt -
.bIjOuGL2XVoE
#
I'll leave it as an exercise to you to determine the other two passwords (to connect to the machine called "dbserver").

But you can use md5sum or crypt as many times as you want, and in any combination you want, and set up the interspersing pattern just the way you see fit.

Passwords generated this way are immune to dictionary attacks and the good thing is that you don't need to remember them since you can recreate them every time.

The only security issue remains to secure the process of recreating your passwords.

 

Also, check out these articles:

http://lifehacker.com/184773/geek-to-live--choose-and-remember-great-passwords
http://lifehacker.com/247355/how-passwords-get-cracked


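The pipeline and the interleaving pattern described in the post above, as an added example that is not part of the original post: a Python reimplementation in which the output format of the first `md5sum` is mimicked (the " *-" marker shown in the post is what cygwin prints for stdin in binary mode; GNU md5sum on Linux prints "  -" instead, so the final digest differs between the two), and the function names double_md5sum, interleave and derive_password are my own.

```python
# Added example (not dserban's script): the md5sum pipeline and the
# interleaving pattern from the post above, reimplemented in Python.
# double_md5sum, interleave and derive_password are names I chose.
import hashlib


def double_md5sum(text: str, stdin_marker: str = " *-") -> str:
    """Mimic `echo TEXT | md5sum | md5sum`.

    `echo` appends a newline, so the first md5sum hashes TEXT + "\n".
    That md5sum prints "<hex> *-" under cygwin in binary mode (the " *-"
    shown in the post) or "<hex>  -" for GNU md5sum on Linux, and the
    second md5sum hashes that whole printed line, newline included.
    Pass stdin_marker="  -" to reproduce the Linux variant.
    """
    first = hashlib.md5((text + "\n").encode("ascii")).hexdigest()
    printed_line = f"{first}{stdin_marker}\n"
    return hashlib.md5(printed_line.encode("ascii")).hexdigest()


def interleave(host: str, digest: str, n: int = 6) -> str:
    """Leading n characters of host, alternated with the trailing n of digest.

    This is the post's pattern: host 'appserver' and a digest ending in
    3a605a give a3pap6s0e5ra. It works for the crypt output as well,
    because only the trailing characters of the hash string are used.
    """
    head, tail = host[:n], digest[-n:]
    if len(head) < n or len(tail) < n:
        raise ValueError(f"host and digest must each supply {n} characters")
    return "".join(h + t for h, t in zip(head, tail))


def derive_password(host: str, stdin_marker: str = " *-") -> str:
    """The whole scheme for one host: pipeline digest, then the interleave."""
    return interleave(host, double_md5sum(host, stdin_marker))


if __name__ == "__main__":
    for host in ("appserver", "dbserver"):
        print(host, double_md5sum(host), derive_password(host))
```

Two things worth noticing when running it: the second digest depends on the exact line the first `md5sum` printed, so the same command line yields different final hashes on cygwin and on Linux; and only the six trailing hex digits of the digest vary from host to host while the other six characters are the host name itself, so the strength of a password made this way rests on the interleaving pattern staying private, which is exactly the point the post closes on.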

A good thing to do with passwords is think up a phrase that means something to you, remember the first letters of each word in the phrase, then put them together. e.g.

Phrase: "How do you do? I'm fine thank you!"
Ends up as: hdydifty
Then mix around the cases... hDydIFtY
And add a number or two. (You could use something like the year you were born.) Eventually you end up with something like this: hDy1993dIFtY

Good thing about this is, if anyone else sees it, they won't be able to remember it!


A good thing to also do is include special characters on sites and services that allow it. Characters such as @#$% etc. can be really good at providing that extra security which can be the difference between a weak password and a strong one. You can usually easily remember a password with a percentage in it, like adding in 50% or something, and it sticks in your head rather than some random string of text or numbers.

-HellFire


You're probably better off just using a generator that can use the system random number generator... far better entropy.

Take a look at KeePass (win32) and KeePassX (gnu/linux) for a really nice password manager/generator app.

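To make the "system random number generator" point concrete, here is an added example (my own code, not from the post above and not from KeePass or KeePassX): a generator that draws every character from the operating system's CSPRNG through Python's `secrets` module and reports how many bits of entropy a password of that shape carries. The alphabet, the default length and the names generate_password, entropy_bits and length_for_bits are my choices.

```python
# Added example (not from the post above, not KeePass code): uniform
# random passwords from the OS CSPRNG, with an entropy figure attached.
# The alphabet and the helper names are my own choices.
import math
import secrets
import string

# 84 distinct symbols; constructed here, trim it to what a site accepts.
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}:,.?"


def entropy_bits(length: int, alphabet: str = ALPHABET) -> float:
    """Bits of entropy in a password whose every character is drawn
    independently and uniformly from `alphabet` (duplicates ignored)."""
    symbols = len(set(alphabet))
    if length < 1 or symbols < 2:
        raise ValueError("need a positive length and at least two distinct symbols")
    return length * math.log2(symbols)


def length_for_bits(target_bits: float, alphabet: str = ALPHABET) -> int:
    """Smallest length whose entropy reaches target_bits for this alphabet."""
    symbols = len(set(alphabet))
    if symbols < 2:
        raise ValueError("need at least two distinct symbols")
    return max(1, math.ceil(target_bits / math.log2(symbols)))


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Pick each character with secrets.choice, which is backed by the
    system CSPRNG (os.urandom), so the result is uniform over the
    alphabet and unrelated to anything the user would think of."""
    entropy_bits(length, alphabet)  # validates the arguments
    distinct = "".join(sorted(set(alphabet)))
    return "".join(secrets.choice(distinct) for _ in range(length))


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(len(pw)):.1f} bits")
    print("length for 128 bits over letters+digits:",
          length_for_bits(128, string.ascii_letters + string.digits))
```

A 16-character password over the 84-symbol alphabet above carries about 102 bits; because every character is drawn uniformly, that figure holds no matter how the password happens to look, which is the gain over any scheme a person works out in their head. The same functions tell you how long a password must be when a site restricts the character set: 128 bits over letters and digits alone needs 22 characters.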

Indeed, that is a good idea. Most of my passwords are random, and after much overuse I've managed to remember them all. Something else I've been doing with passwords: I tend to keep my passwords in what I call 'tiers'.

Basically, there's one tier for the 'stupid' passwords, as in passwords used flippantly to register at some forum that I'll probably only access once. Since I don't care much for these passwords, I tend to reuse the same password over all these 'stupid' websites, as it doesn't really matter if someone else finds out.

My second 'tier' is for the relatively important ones, and I tend to (1) use a more secure password and (2) create three passwords that I alternate between these relatively important websites. Then when I get to a site I just pick one of the passwords.

The third 'tier' is for the most important accounts (such as email), and there I have no two passwords that are the same. This way, I can minimize on memorizing too many passwords, but I'll still leave my most important accounts with a secure password that is not used elsewhere. Besides, at times I want to reaccess some forum I registered at long ago, and if I had chosen a new password for every registration, I'd never access any of my old accounts.


Arbitrary, I do passes simpler.

1. Simple/unimportant: On forums I rarely use, things very unlikely to get hacked, or my NickServ passes. They're simple phrases, names, and other things. I use them a lot also.
2. Email and unknown things: I use a password like delldimsension350 or something that is right in front of me, that is long and not guessable. This is for mid-level things. I change it every 3-5 months. I have even used phone numbers and family members' SSNs.
3. Secure/Critical: These are the most important; I never use the same password. I use these types on my dedicated server, my IRC shells and my virtual host. These are things that I can't really recover, that are critical and literally are risking financial investments. Examples are:

gfyh546klhdflghl56hlkhdgflhdli5hlhdrlkghrdk5l6hklhgldfh56ilhldkghfldk56htklhh

Impossible to guess and hard to brute-force. I store these in a file somewhere on my local disk, obscure (for example, not with a name like passwords.txt).

That's my recommendation to anyone else, but even the best password is vulnerable to humans. I've got so many passes just by good ol' SE.

Another note: daniel666 said his password has never been hacked; he's wrong. He gave it to me once (I posted a thread on Xisto about not giving out passes using his hacked account).

Also, I don't recommend using &;"',<> in passwords that link to MySQL, as they might be filtered. Same with space.


Yeah, I have an insecure password that I use to sign up to things I don't entirely trust, a relatively secure one that I use to sign up to most things that aren't crucially important, and a very secure password for important things.


My password (my newest one, basically my Habbo one cos I don't wanna get hacked) is really good. No one will ever guess it, probably cos they're too SMART, lol. It's also funny.


o.O Well, I think my passwords will be cracked fairly quickly. According to the article, the password Fgpyyih804423 was cracked in 160 seconds using the most basic rainbow tables. That's basic. So if the Extended table is used (containing non-alphanumeric symbols), then it's possible that every password can be hacked. Just goes to prove the point that one should never store important files on a computer, especially on the Internet. You never know when someone will nose their way into your stuff.

 

Good thing for most of us that (1) Ophcrack is huge in file size, so most will not be downloading/installing it any time soon and (2) there really isn't a reason for random people to hack into most of our accounts - we aren't really famous/powerful people after all to attract the attention of evil crackers. I think. xP

 

Serena


Oh, the problem isn't picking the password; many people who "claim they have been hacked" have been known to just write it down somewhere in sight or give it to the first moron that claims he's from the company where said person has an account. There is unfortunately no patch for human stupidity.
