PASSWORD GUESSING

Thomas Truscott trt at rti.UUCP
Tue Aug 15 00:40:18 AEST 1989


> I like passwords that are created by using the first letter in each word
> of a sentence such as:
> 
> 	"I like eating hot soup in the winter"
> 
> So, the passwd would be "ilehsitw" ...

This approach is fine, so long as the resulting password
is hard to guess.  The Bad Guy is aware of this style of password
generation and is likely to try it on everything in
Bartlett's Familiar Quotations (for example).

So "pppapopp" may seem obscure, but "Peter Piper picked a peck
of pickled peppers" is not and that matters too.
No problem, just randomize the password by changing or adding letters.
E.g. change the "pa" to "qb", yielding "ppqbpopp"
which is only slightly harder to remember but is much harder to guess.
There are lots of different ways to randomize a password,
just make sure you choose a random way!

The "ilehsitw" has about 36 bits of effective key according to
an "obviousness" detector that I wrote
based on James Gillogly's routine that uses frequency
of English letter triples.  Your mileage may vary
but 36 bits is an excellent key compared to most,
and the other passwords (e.g. "IwaVTfmnc") are even better.
Just make sure there aren't sneaky ways to guess the password.
	Tom Truscott
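
An added example, not part of the original post: a password-change check that rejects a candidate when it is the first-letter acronym of a known phrase, or too few substitutions away from one. The phrase list is a constructed sample, and the function names and the `min_changes` threshold are assumptions made for illustration.

```python
import re

# Constructed sample corpus; a real check would load a large quotation list.
KNOWN_PHRASES = [
    "Peter Piper picked a peck of pickled peppers",
    "I like eating hot soup in the winter",
    "To be or not to be that is the question",
]


def acronym(phrase):
    """First letter of each word, lowercased: the scheme quoted in the post."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z']+", phrase)).lower()


def hamming(a, b):
    """Number of differing positions, or None when the lengths differ."""
    if len(a) != len(b):
        return None
    return sum(x != y for x, y in zip(a, b))


def check_password(candidate, phrases=KNOWN_PHRASES, min_changes=2):
    """Return (accepted, reason).

    A candidate is rejected when it differs from the acronym of any known
    phrase in fewer than min_changes positions (case is ignored, since
    case variants of a known acronym are cheap to enumerate).
    """
    cand = candidate.lower()
    for phrase in phrases:
        d = hamming(cand, acronym(phrase))
        if d is not None and d < min_changes:
            return False, f"{d} change(s) from acronym of: {phrase!r}"
    return True, "no known phrase acronym within threshold"


if __name__ == "__main__":
    for pw in ("pppapopp", "ppqbpopp", "ilehsitw", "IwaVTfmnc"):
        print(pw, check_password(pw))
```
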



More information about the Comp.unix.wizards mailing list