all of these are good ideas all around. the longer the password string (and the greater the types of characters, the less likely that a dictionary attack will work. lets see... a 20 character long password containing upper case, lower case, the 10 numbers and the 15 or so punctuation marks could be a very large number. for simple math: 20*factorial(26^2) and that is just for the letters )assuming you don't use the other 25 characters free available on the keyboard). that is already a very large number (in excess of 18 digits). this may be over simplified and the math is based on a single assumption, but its still a good demonstration of just how big a dictionary has to be. the last time I set a password generator program to create a dictionary, I used both sets of 26 letters, the numbers and the 15 other characters. I limited it to just 12 characters long. the resulting dictionary was over 60 GB in size and it wasn't even 25% of the way done yet. I might also add that it took nearly 2 days to generate that much and the file was already starting to double in size every 5% at that point. in order for me to have a complete dictionary of the limits I specified, I would have required all the storage that the NSA uses over the course of a year just to house it. very impractical by any means (and before you ask, I figured out how much storage that was based on the amount of data zipping around the net on an average day, which is rather a lot). lisa can probably correct my math on this. applied cryptography is not my strong suit. -eric On Nov 21, 2011, at 8:14 PM, Stephen wrote: > Could work. But nonwords really remove the dictionary hacks entirely. > On Nov 21, 2011 8:11 PM, "Lisa Kachold" wrote: > How about nursery rhymes using 1 st, 3rd or last character (or number)? Or music lyrics? > > On Nov 21, 2011 8:07 PM, "Stephen" wrote: > I shoot for multisyllable nonsense that has a couple numbers tossed in. Smooth it so I can pronounce it phonetically and bingo secure password I don't forget. If you can say it you can remember it. > > On Nov 21, 2011 6:21 PM, "Lisa Kachold" wrote: > I believe you win the password security award, Hawks, > > On Nov 21, 2011 1:41 PM, "Technomage Hawke" wrote: > this is why I use a long password string with random characters (pigeon is so nice for this). usually I go with a character length longer than 20 characters. since these are very hard to remember, I keep them on a usb dongle in an encrypted file. Because of this, I have only had to change my password (because of a security issue) only twice in the last 5 years. > > I am not sure how the security specialists on the list would treat this, but for me, it seems to be the best solution for the job at hand. > > also, I also never browse the web on a windows machine (safer that way). I use OS X for most of my mail and web browsing stuff. I use linux (as VINUX) for some development testing and for the above mentioned password and security items. it also keeps me from losing those skills I spent the last 16 years trying to use. > > -eric > > On Nov 21, 2011, at 12:04 PM, Michael Havens wrote: > > > Before I left for Peru I got an email from Google telling me that someone in China had accessed my gmail account and that I should change my password unless it was me accessing my account from China. Well, I changed my pass word. Then I went to Peru and was expecting them to send me another email but one never arrived. > > > > Someone figured out a password of seven numerals and 3 letters! > > > > -- > > :-)~MIKE~(-: > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change your mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss