dserban (Posted August 18, 2007, edited)

If you are good at remembering very long, very cryptic alphanumeric passwords, this article is not for you. For the rest of us mere mortals, here is a method for choosing extremely secure passwords that you don't need to actually remember - you only need to remember some patterns for generating passwords that you and only YOU know.

In this example I am using two command line utilities that come bundled with any Linux distribution. I'm running Windows XP, so these are the cygwin counterparts:

# echo "appserver" | md5sum | md5sum
707c3d6c4e93e43ba03bf0a5ef3a605a *-
#

a) Leading six characters of host name, spaced out
b) Trailing six characters of MD5 sum above, spaced out

a) a p p s e r
b) 3 a 6 0 5 a
c) Your password to connect to the machine called "appserver": a3pap6s0e5ra

# crypt appserver | crypt - | crypt -
Zmct2/xG/czm6
#

a) Leading six characters of host name, spaced out
b) Trailing six characters of crypt hash above, spaced out

a) a p p s e r
b) G / c z m 6
c) Your password to connect to the machine called "appserver": aGp/pcszemr6

# echo "dbserver" | md5sum | md5sum
6b0828ab640ffb600892468b97762fef *-
#
# crypt dbserver | crypt - | crypt -
.bIjOuGL2XVoE
#

I'll leave it as an exercise to you to determine the other two passwords (to connect to the machine called "dbserver").

But you can use md5sum or crypt as many times as you want, and in any combination you want, and set up the interspersing pattern just the way you see fit. Passwords generated this way are immune to dictionary attacks and the good thing is that you don't need to remember them since you can recreate them every time. The only security issue remains to secure the process of recreating your passwords.
Also, check out these articles:
http://lifehacker.com/184773/geek-to-live--choose-and-remember-great-passwords
http://lifehacker.com/247355/how-passwords-get-cracked

Edited August 18, 2007 by dserban
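The md5sum branch of the recipe in the post above, reimplemented in Python as an added example (this is not dserban's code). It emulates `echo "<host>" | md5sum | md5sum` byte for byte: `echo` appends a newline, and each `md5sum` stage prints the hex digest followed by a stdin marker, which is `*-` on the Cygwin session shown in the post and `  -` (two spaces and a dash) on GNU coreutils, so the same recipe yields a different password on Linux; the `marker` parameter is an assumption introduced here to make that visible. The `crypt` branch is left out because its result depends on the platform's crypt(3) implementation. The check at the end makes the post's own caveat concrete: the output is a pure function of a public host name and the recipe, so the password is exactly as secret as the recipe.

```python
import hashlib


def md5sum_line(data: bytes, marker: str = "*-") -> bytes:
    """Emulate one `md5sum` stage reading stdin.

    Output is '<32 hex chars> <marker>\\n'. Cygwin in binary mode prints
    '*-' (as on the page); GNU coreutils prints ' -', giving two spaces.
    """
    return (hashlib.md5(data).hexdigest() + " " + marker + "\n").encode()


def echo_md5_twice(hostname: str, marker: str = "*-") -> str:
    """`echo "<hostname>" | md5sum | md5sum`, returning the final hex digest."""
    first = md5sum_line((hostname + "\n").encode(), marker)   # echo adds '\n'
    second = md5sum_line(first, marker)                        # hashes the whole line
    return second.decode().split()[0]


def interleave(head: str, tail: str) -> str:
    """The post's 'interspersing' pattern: h0 t0 h1 t1 ... for equal-length inputs."""
    if len(head) != len(tail):
        raise ValueError("head and tail must have the same length")
    return "".join(h + t for h, t in zip(head, tail))


def derive_password(hostname: str, marker: str = "*-", n: int = 6) -> str:
    """Leading n chars of the host name interleaved with the trailing n hex digits."""
    if len(hostname) < n:
        raise ValueError("hostname shorter than the pattern length")
    digest = echo_md5_twice(hostname, marker)
    return interleave(hostname[:n], digest[-n:])


def recipe_is_sole_secret(hostname: str) -> bool:
    """True: two independent parties holding only the recipe derive the identical
    password, so its strength is the secrecy of the recipe, not of the digest."""
    return derive_password(hostname) == derive_password(hostname)


if __name__ == "__main__":
    page_digest = "707c3d6c4e93e43ba03bf0a5ef3a605a"   # quoted from the post
    for host in ("appserver", "dbserver"):
        for label, marker in (("cygwin '*-'", "*-"), ("gnu ' -'", " -")):
            print(f"{host:10s} {label:12s} digest={echo_md5_twice(host, marker)} "
                  f"password={derive_password(host, marker)}")
    print("page's appserver digest reproduced:",
          echo_md5_twice("appserver") == page_digest)
```

The two worked values from the post are reproduced by the interleaving alone (`interleave("appser", "3a605a")` gives `a3pap6s0e5ra` and `interleave("appser", "G/czm6")` gives `aGp/pcszemr6`); whether the digest itself matches the post depends on the md5sum output format of the machine the recipe is run on, which the final line of the script reports.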
wutske (Posted August 19, 2007)

Mine is completely random and only took me a week to learn it, it's in my fingers now.
iGuest (Posted August 20, 2007)

A good thing to do with passwords is think up a phrase that means something to you, remember the first letters of each word in the phrase, then put them together.

e.g. Phrase: "How do you do? I'm fine thank you!"
Ends up as: hdydifty
Then mix around the cases... hDydIFtY
And add a number or two. (You could use something like the year you were born.)
Eventually you end up with something like this: hDy1993dIFtY

Good thing about this is, if anyone else sees it, they won't be able to remember it!
HellFire121 (Posted August 22, 2007)

A good thing to also do is include special characters in sites and services that allow it. Characters such as @#$% etc etc can be really good at providing that extra security which can be the difference between a weak password and a strong one.

You can usually easily remember a password with a percentage in it, like add in 50% or something and it sticks in your head rather than some random string of text or numbers.

-HellFire
Daniel666 (Posted August 22, 2007)

I have a 7 character password, a completely random string of numbers my dad gave me when I was hacked on a game. I've used it for 5 years now, it's in my head and probably won't ever come out.
ethergeek (Posted August 22, 2007)

You're probably better off just using a generator that can use the system random number generator... far better entropy.

Take a look at KeePass (win32) and KeePassX (gnu/linux) for a really nice password manager/generator app.
Arbitrary (Posted August 23, 2007)

Indeed, that is a good idea. Most of my passwords are random, and after much overuse I've managed to remember them all.

Something else I've been doing with passwords: I tend to keep my passwords in what I call 'tiers'. Basically, there's one tier for the 'stupid' passwords, as in passwords used flippantly to register at some forum that I'll probably only access once. Since I don't care much for these passwords, I tend to reuse the same password over all these 'stupid' websites, as it doesn't really matter if someone else finds out.

My second 'tier' is for the relatively important ones, and I tend to (1) use a more secure password and (2) create three passwords that I alternate between these relatively important websites. Then when I get to a site I just pick one of the passwords.

The third 'tier' is for the most important accounts (such as email), and there I have no two passwords that are the same. This way, I can minimize on memorizing too many passwords, but I'll still leave my most important accounts with a secure password that is not used elsewhere. Besides, at times I want to reaccess some forum I registered at long ago, and if I had chosen a new password for every registration, I'd never access any of my old accounts.
SilverFox1405241541 (Posted August 23, 2007)

Arbitrary, I do passes simpler.

1. Simple/unimportant: On forums I rarely use, very unlikely to get hacked things or my nickserv passes. They're simple phrases, names, and other things. I use them a lot also.

2. Email and unknown things: I use a password like delldimsension350 or something that is right in front of me, that is long and not guessable. This is for mid-level things. I change it every 3-5 months. I have even used phone numbers and family members' SSNs.

3. Secure/Critical: These are the most important, I never use the same password. I use these types on my dedicated server, my IRC shells and my virtual host. These are things that I can't really recover and that are critical and literally are risking financial investments. Examples are:
gfyh546klhdflghl56hlkhdgflhdli5hlhdrlkghrdk5l6hklhgldfh56ilhldkghfldk56htklhh
Impossible to guess and hard to brute-force. I store these in a file somewhere on my local disk, obscure (example: not with a name like passwords.txt).

That's my recommendation to anyone else, but even the best password is vulnerable to humans. I've got so many passes just by good ol' SE.

Another note, daniel666 said his password has never been hacked, he's wrong. He gave me it once (I posted a thread on Xisto about not giving out passes using his hacked account).

Also I don't recommend using &;"',<> in passwords that link to mysql, as they might be filtered. Same with space.
iGuest (Posted August 23, 2007)

Yeah, I have an insecure password that I use to sign up to things I don't entirely trust, a relatively secure thing that I use to sign up to most things that aren't crucially important, and a very secure password for important things.
Sten (Posted August 23, 2007)

My password (my newest one, basically my habbo one cos I don't wanna get hacked) is really good. No one will ever guess it, probably cos they're too SMART, lol, it's also funny.
dserban (Posted September 10, 2007)

The multi-platform password cracker Ophcrack is incredibly fast. How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure.

Article "Fgpyyih804423 in 160 seconds. How Safe is Your Windows Password?": https://blog.codinghorror.com/rainbow-hash-cracking/
Impious (Posted September 11, 2007)

Good way to do a password, but it can be done easily manually. To make a very secure password I put in some capital letters and, if the server doesn't deny it, I put in some characters outside the alphanumeric set.
Unregistered 0111405241546 (Posted September 11, 2007)

For all my passwords, they're 20+ letters and numbers, they're really easy to remember, because it's my student ID number on my school card, and my password. If Ophcrack can crack that password in 160 seconds... mine would only take like 5 minutes. Maybe I should make some capitals.
patronus4000 (Posted September 12, 2007)

o.O Well, I think my passwords will be cracked fairly quickly. According to the article, the password Fgpyyih804423 was cracked in 160 seconds using the most basic rainbow tables. That's basic. So if the Extended table is used (containing non-alphanumeric symbols), then it's possible that every password can be hacked. Just goes to prove the point that one should never store important files on a computer, especially on the Internet. You never know when someone will nose their way into your stuff.

Good thing for most of us that (1) Ophcrack is huge in file size, so most will not be downloading/installing it any time soon and (2) there really isn't a reason for random people to hack into most of our accounts - we aren't really famous/powerful people after all to attract the attention of evil crackers. I think. xP

Serena
Alegis (Posted September 12, 2007)

Oh, the problem isn't picking the password. Many people who "claim they have been hacked" have been known to just write it down somewhere in sight or give it to the first moron that claims he's from the company where said person has an account.

There is unfortunately no patch for human stupidity.