Passwords coming out of my ears

Author: Dorian A. Monroe, II
Date:  
Subject: Passwords coming out of my ears

On machines or systems where things are a bit sensitive, I sometimes throw in an alt-character. Something like these...

Alt-157 => ¥
Alt-154 => Ü
Alt-787 => ‼

Hold down the Alt key, type "157" on the number pad, release the Alt key. These characters don't fall within the character sets that most (any?) brute-force password crackers check, therefore they will never be cracked.

Test it to be sure it works through all methods that you'll be accessing that system though! Sometimes, it's just not easy or possible to enter those characters through some OS'en or terminal emulators. :)

>
> From: Jeffrey Pyne <>
> Date: 2003/05/14 Wed PM 02:32:32 EDT
> To: "''" <.phoenix.az.us>
> Subject: RE: Passwords coming out of my ears
>
> On Tuesday, May 13, 2003 10:41 PM, foodog wrote:
>
> > For secure passwords, two suggestions to start with: 1,
> > learn to write in 1337 (Leet), 2, choose a passphrase
> > and misspell it in leet. Combine those techniques with
> > a host-specific prefix or suffix and you're on the road
> > to using good passwords.
>
> I do something pretty similar to this. I take my base 37337 password (e.g.
> "I love pie." ==> "! 1Uv p!3."), and prepend the first character of the
> hostname or domain name in lowercase and postpend (?) the last character of
> the hostname or domain name in uppercase. So my password to www.hotmail.com
> (if I had one) would be "h! 1Uv p!3.L", and my logon to appserver would be
> "a! 1Uv p!3.R". So, you would have a different password for every web site
> or host, but you'd really only have to remember one.
>
> I used to feel good about this scheme until I read on l0phtcrack's site:
>
> "Consider that at one of the largest technology companies, where policy
> required that passwords exceed 8 characters, mix cases, and include numbers
> or symbols...
>
> * L0phtCrack obtained 18% of the passwords in 10 minutes
> * 90% of the passwords were recovered within 48 hours on a Pentium II/300
> * The Administrator and most Domain Admin passwords were cracked"
>
> So what is a "good" password, really? Does anyone have an example of a
> password that would not be easily cracked by a tool such as l0phtcrack?
>
> ~Jeff
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
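
Added example, not part of the original message: the caveat above about testing alt-characters through every access method comes down to byte encodings, since the same character is sent as different bytes by different clients. The sketch assumes three client encodings (cp437, latin-1, utf-8) and uses plain SHA-256 only as a stand-in for whatever the server compares; the sample password is constructed.

```python
import hashlib

# Characters from the message above (Alt-157, Alt-154, Alt-787).
ALT_CHARS = {"Alt-157": "\u00a5", "Alt-154": "\u00dc", "Alt-787": "\u203c"}

# Assumed client encodings: DOS/OEM console, Latin-1 terminal, UTF-8 terminal.
ENCODINGS = ("cp437", "latin-1", "utf-8")


def wire_bytes(password, encoding):
    """Bytes a client using `encoding` would send, or None if it cannot."""
    try:
        return password.encode(encoding)
    except UnicodeEncodeError:
        # Python's cp437 codec maps bytes 0x00-0x1F to control characters,
        # so it reports U+203C (the Alt-787 glyph) as unencodable.
        return None


def digest(raw):
    """Stand-in verifier: the server only ever sees bytes.
    SHA-256 is used for comparison only; it is not a password-storage scheme."""
    return hashlib.sha256(raw).hexdigest()


def login_matrix(password, set_with, encodings=ENCODINGS):
    """For a password set from a `set_with` client, report per client encoding:
    True (login works), False (bytes differ), None (cannot type it at all)."""
    stored_raw = wire_bytes(password, set_with)
    if stored_raw is None:
        raise ValueError(f"password cannot be entered from a {set_with} client")
    stored = digest(stored_raw)
    result = {}
    for enc in encodings:
        raw = wire_bytes(password, enc)
        result[enc] = None if raw is None else digest(raw) == stored
    return result


if __name__ == "__main__":
    for key, ch in ALT_CHARS.items():
        forms = {}
        for enc in ENCODINGS:
            raw = wire_bytes(ch, enc)
            forms[enc] = raw.hex() if raw is not None else None
        print(key, forms)
    # Constructed sample password ending in the Alt-157 character.
    print(login_matrix("h! 1Uv p!3.\u00a5", set_with="cp437"))
```

A password set from one kind of client verifies only from clients that send the same bytes, which is why the same account can work at the console and fail over a differently configured terminal.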