[lug] password generating techniques
durist at frii.com
durist at frii.com
Wed Mar 21 09:04:49 MDT 2012
This is a really difficult problem, if you don't want to use a password
wallet or a piece of paper (and there are good reasons for avoiding
both).
Diceware (http://world.std.com/~reinhold/diceware.html) is widely
considered to be a good compromise between security/remember-ability.
On Wed, 21 Mar 2012 08:48:35 -0600, Davide Del Vento wrote:
>> /dev/random?
>
> Are you serious or are you kidding? (sorry, this sounds like
> http://en.wikipedia.org/wiki/Poe%27s_law )
>
> If you are kidding, fine :-D
>
> If you are serious, you missed the point. The discussion here is how
> can I *remember* tens if not hundreds of these passwords, not how can
> I generate them. Since I cannot remember them all, I see the
> following
> options:
>
> 1) use weaker passwords, easier to remember
> 2) use a single strong password, shared among all the services I use
> 3) use a (mental) algorithm to generate site-specific passwords from
> a
> single strong one
> 4) use a password manager like Kevin suggested
> 5) use something like OPLOP
> 6) write the strong passwords on a piece of paper
>
> Of course 1) and 2) are bad, you don't need me to tell you why. 3)
> could be ok, but being "mental" it must be easy and thus it can be
> easy to crack and it is only security by obscurity. I replied to
> Kevin
> with my objections to 4) so I won't repeat myself. It looks like 5)
> is
> the best choice, but I had the questions with which I started this
> thread. Option 6) adds the physical security problem to the computer
> security problem, and add the inconvenience of transporting this
> piece
> of paper with me at all the time in a secure manner.
>
> Cheers,
> Davide
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667
> channel=#hackingsociety
More information about the LUG
mailing list