[ale] password management

Geoffrey esoteric at 3times25.net
Wed Jul 23 14:44:35 EDT 2003


J.M. Taylor wrote:

> Let's take any string that's common to any set of passwords (ie, some
> systems use the username as a salt, or some such), my question is more --
> does it matter in a brute-force or even educated-guess type attack?  Or is
> the complexity of
> secret_thing<concat>special_characters<concat>common_string<concat>month
> enough to foil those kinds of attacks? It certainly *seems* safer than me
> making up a longish random password that I have to write down until it's
> memorized...

My approach is to think of a sentence, then use the first character of 
each word in the sentence.  I then throw in some punctuation, followed 
by something that links it to that machine. Sometimes I'll mix 
characters for words (u for you..). Grant it, I don't have 100's of 
passwords.  But it works for me and might be a start.  For example, I 
used to use the following for the bios password on my first pentium box:

Uwngt1!p200

You will never guess this one


You == U, one == 1, p200 the speed of that processor.

> -- Richard Feynman, "Surely You're Joking, Mr. Feynman!"

Excellent book!

-- 
Until later: Geoffrey		esoteric at 3times25.net

The latest, most widespread virus?  Microsoft end user agreement.
Think about it...

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale





More information about the Ale mailing list