all of these are good ideas all around. the longer the password string (and the greater the types of characters, the less likely that a dictionary attack will work.
lets see... a 20 character long password containing upper case, lower case, the 10 numbers and the 15 or so punctuation marks could be a very large number. for simple math: 20*factorial(26^2) and that is just for the letters )assuming you don't use the other 25 characters free available on the keyboard). that is already a very large number (in excess of 18 digits). this may be over simplified and the math is based on a single assumption, but its still a good demonstration of just how big a dictionary has to be.
the last time I set a password generator program to create a dictionary, I used both sets of 26 letters, the numbers and the 15 other characters. I limited it to just 12 characters long. the resulting dictionary was over 60 GB in size and it wasn't even 25% of the way done yet. I might also add that it took nearly 2 days to generate that much and the file was already starting to double in size every 5% at that point. in order for me to have a complete dictionary of the limits I specified, I would have required all the storage that the NSA uses over the course of a year just to house it. very impractical by any means (and before you ask, I figured out how much storage that was based on the amount of data zipping around the net on an average day, which is rather a lot).
lisa can probably correct my math on this. applied cryptography is not my strong suit.
-eric
On Nov 21, 2011, at 8:14 PM, Stephen wrote:
> Could work. But nonwords really remove the dictionary hacks entirely.
> On Nov 21, 2011 8:11 PM, "Lisa Kachold" <lisakachold@obnosis.com> wrote:
> How about nursery rhymes using 1 st, 3rd or last character (or number)? Or music lyrics?
>
> On Nov 21, 2011 8:07 PM, "Stephen" <cryptworks@gmail.com> wrote:
> I shoot for multisyllable nonsense that has a couple numbers tossed in. Smooth it so I can pronounce it phonetically and bingo secure password I don't forget. If you can say it you can remember it.
>
> On Nov 21, 2011 6:21 PM, "Lisa Kachold" <lisakachold@obnosis.com> wrote:
> I believe you win the password security award, Hawks,
>
> On Nov 21, 2011 1:41 PM, "Technomage Hawke" <technomage.hawke@gmail.com> wrote:
> this is why I use a long password string with random characters (pigeon is so nice for this). usually I go with a character length longer than 20 characters. since these are very hard to remember, I keep them on a usb dongle in an encrypted file. Because of this, I have only had to change my password (because of a security issue) only twice in the last 5 years.
>
> I am not sure how the security specialists on the list would treat this, but for me, it seems to be the best solution for the job at hand.
>
> also, I also never browse the web on a windows machine (safer that way). I use OS X for most of my mail and web browsing stuff. I use linux (as VINUX) for some development testing and for the above mentioned password and security items. it also keeps me from losing those skills I spent the last 16 years trying to use.
>
> -eric
>
> On Nov 21, 2011, at 12:04 PM, Michael Havens wrote:
>
> > Before I left for Peru I got an email from Google telling me that someone in China had accessed my gmail account and that I should change my password unless it was me accessing my account from China. Well, I changed my pass word. Then I went to Peru and was expecting them to send me another email but one never arrived.
> >
> > Someone figured out a password of seven numerals and 3 letters!
> >
> > --
> > :-)~MIKE~(-:
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change your mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)