<p dir="ltr">Another method for password creation is to create a long memorable sentence and then take the 1st letter of each word. This results in an easy-to-remember password which looks completely random to other people.</p>
<p dir="ltr">Also, using capital letters for people's names and/or places, or finding a way to incorporate currency signs, is even better.</p>
<p dir="ltr">Something like:</p>
<p dir="ltr">Cyprus are the latest victims in the Euro zone</p>
<p dir="ltr">Could create a password</p>
<p dir="ltr">Catlvit€z</p>
<p dir="ltr">The only caveat is you remember the sentence. But this could be family related, like a sentence that contains your children's/parents' birthdays.</p>
<p dir="ltr">Gary</p>
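<p dir="ltr">An added example, not part of Gary's message: the first-letter method above as code, with an upper-bound strength estimate for the result and for the word-based password discussed in the quoted thread below. The substitution table (apart from Euro to €), the 32-symbol pool and the 10,000-word vocabulary are assumptions.</p>

```python
import math
import string

# Assumed word-to-sign table; only "Euro" -> "€" is taken from the message above.
CURRENCY_SIGNS = {"euro": "€", "euros": "€", "pound": "£", "pounds": "£",
                  "dollar": "$", "dollars": "$"}


def first_letter_password(sentence):
    """Take the first letter of each word, keeping its case; swap currency words for signs."""
    chars = []
    for word in sentence.split():
        core = word.strip(string.punctuation)
        if core:
            chars.append(CURRENCY_SIGNS.get(core.lower(), core[0]))
    return "".join(chars)


def alphabet_size(password):
    """Smallest common character pool that covers every character in the password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += len(string.punctuation)  # 32; assumption: "€" is counted in this pool
    return size


def brute_force_bits(password):
    """Upper bound: log2(pool ** length), valid only against character-by-character search."""
    return len(password) * math.log2(alphabet_size(password))


def word_bits(word_count, vocabulary=10_000):
    """Upper bound when guesses are built from whole words (assumed 10,000-word vocabulary)."""
    return word_count * math.log2(vocabulary)


if __name__ == "__main__":
    mnemonic = first_letter_password("Cyprus are the latest victims in the Euro zone")
    phrase = "longpassworddifficulttocrack"  # five words, taken from the quoted thread
    print(mnemonic, round(brute_force_bits(mnemonic), 1))
    print(phrase, round(brute_force_bits(phrase), 1), round(word_bits(5), 1))
```

<p dir="ltr">Both figures are upper bounds: a sentence or line that is published or predictable is worth far less than either number.</p>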
<div class="gmail_quote">On 26 Mar 2013 05:58, "Peter Childs" <<a href="mailto:pchilds@bcs.org">pchilds@bcs.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<p dir="ltr">The banks are quite happy with 4 digit pins so why bother. I for one am more worried about my money in the bank than about what I write or someone else might write for me on Facebook......</p>
<p dir="ltr">If people are encouraged to have long, difficult to remember passwords they write them down, which is counterproductive. I've met people with code books; are they somehow any more secure than passwords you can store in your head?</p>
<p dir="ltr">The truth is the security is in variety: if everyone uses the same password it's easy to crack, but if everyone uses a slightly different one based on anything it's going to be harder work.</p>
<p dir="ltr">In straight maths longer passwords are better: each extra character raises the available combinations by about 40+ times. But if everyone uses the same combination it's still just as easy to crack.....</p>
<p dir="ltr">So yes, long private keys are best, but then you have to find some way to look after the long private key so it stays secure. Passwords are short, easy to remember but difficult to guess, that should NEVER be written down. Ideally we should be using a long private key protected with a password. And then keep that key on, hmm, a bit of plastic in our wallet? Ring any bells?<br>
</p>
<p dir="ltr">Peter</p>
<div class="gmail_quote">On 25 Mar 2013 23:02, "james morris" <<a href="mailto:jwm.art.net@gmail.com" target="_blank">jwm.art.net@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
On 25 March 2013 13:48, Karl Buckland <<a href="mailto:buckland.karl@gmail.com" target="_blank">buckland.karl@gmail.com</a>> wrote:<br>
> MD5 passwords are only particularly easy to crack because the hashing<br>
> algorithm is extremely fast and usually they aren't salted. This means you<br>
> can generate a rainbow table of hashes and then simply match up.<br>
><br>
> Are you trying to ascertain what makes a secure password, or are you trying<br>
> to ascertain what makes a secure login system?<br>
<br>
More trying to _show_ insecure passwords, and secure passwords. My<br>
reasoning for using MD5 was that if hashcat fails to crack a password<br>
hashed using MD5, it's going to be secure. For instance, passwords<br>
stored in /etc/shadow are hashed using SHA512 (as well as salted).<br>
<br>
> As a web developer I recommend using a complicated and slow password<br>
> encryption scheme, such as bcrypt. On top of that, each password should have<br>
> its own salt. And on top of that, any login system should disable a user's<br>
> account after a set number of failed logins.<br>
><br>
> As for user passwords, I would recommend at least 8 characters and the<br>
> standard set of uppercase, lowercase, numeric and special characters.<br>
> Ideally, you should use a password manager instead and use long, complicated<br>
> (effectively impossible to remember) passwords.<br>
<br>
But I think for many non-technical people, difficult to remember<br>
passwords are a real problem. I wanted to experiment with much longer,<br>
but easy to remember passwords, looking at how difficult they were to<br>
crack. For instance, lines from poems or novels etc. I know using<br>
words straight out the dictionary is frowned upon to say the least,<br>
but this is where the length comes in. The very name of the term<br>
"password" suggests brevity.<br>
<br>
I wanted to compare the security of long easy to remember passwords<br>
(minimum 15 characters) with shorter difficult to remember passwords.<br>
The article I linked to says the time taken to crack a hashed password<br>
increases exponentially with each character so the theory is that easy<br>
to remember passwords can be secure if they are long enough.<br>
<br>
<br>
<br>
><br>
> Karl<br>
><br>
><br>
> On 25 March 2013 13:01, james morris <<a href="mailto:jwm.art.net@gmail.com" target="_blank">jwm.art.net@gmail.com</a>> wrote:<br>
>><br>
>> (sorry for previous attempt, forgot list doesn't allow attachments)<br>
>><br>
>> read an article about password cracking this morning:<br>
>><br>
>> <a href="http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/3/" target="_blank">http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/3/</a><br>
>><br>
>> and being curious decided to try my own passwords. it only seemed to<br>
>> crack the first word of two (nor the two digit number at end) in my<br>
>> weakest password.<br>
>><br>
>> then i was curious about long passwords made entirely of words such as:<br>
>><br>
>> longpassworddifficulttocrack<br>
>><br>
>> my tests don't crack that, nor even crackmenow or hardtocrack.<br>
>><br>
>> i'm using the rockyou.txt word list, and only encoding the passwords<br>
>> as MD5 so expected better results than this.<br>
>><br>
>> here's a bash script to automate password testing to some degree:<br>
>> <a href="https://github.com/jwm-art-net/password_tester" target="_blank">https://github.com/jwm-art-net/password_tester</a><br>
>><br>
>> it starts with a file of unencoded passwords one per line, runs md5sum<br>
>> on them, then tries to crack the md5s.<br>
>><br>
>> any tips for making the cracking effort more robust appreciated!<br>
>> cheers,<br>
>> james<br>
>><br>
>> _______________________________________________<br>
>> Kent mailing list<br>
>> <a href="mailto:Kent@mailman.lug.org.uk" target="_blank">Kent@mailman.lug.org.uk</a><br>
>> <a href="https://mailman.lug.org.uk/mailman/listinfo/kent" target="_blank">https://mailman.lug.org.uk/mailman/listinfo/kent</a><br>
><br>
><br>
><br>
<br>
</blockquote></div>
</blockquote></div>
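<p dir="ltr">An added example, not code from anyone in the thread: Karl's point about salting and slow hashing, shown by storing the same constructed passwords as bare MD5 and as salted PBKDF2 records. PBKDF2 from the Python standard library stands in for the bcrypt he recommends; the account names, wordlist and round count are assumptions.</p>

```python
import hashlib
import hmac
import os

# Constructed sample data: three accounts, two of which share a password.
ACCOUNTS = {"alice": "letmein", "bob": "letmein", "carol": "Catlvit€z"}
COMMON_PASSWORDS = ["password", "letmein", "crackmenow"]  # stand-in for a real wordlist


def md5_hex(password):
    """Unsalted, fast hash of the bare password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def exposed_by_lookup(stored, wordlist):
    """Accounts whose unsalted hash appears in a table computed once from wordlist."""
    table = {md5_hex(word): word for word in wordlist}
    return sorted(user for user, digest in stored.items() if digest in table)


def make_record(password, rounds=100_000):
    """Per-password random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return {"salt": salt, "rounds": rounds, "key": key}


def check_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                              record["salt"], record["rounds"])
    return hmac.compare_digest(key, record["key"])


if __name__ == "__main__":
    unsalted = {user: md5_hex(pw) for user, pw in ACCOUNTS.items()}
    salted = {user: make_record(pw) for user, pw in ACCOUNTS.items()}
    print("same MD5 for alice and bob:", unsalted["alice"] == unsalted["bob"])
    print("flagged by one precomputed table:", exposed_by_lookup(unsalted, COMMON_PASSWORDS))
    print("same salted key for alice and bob:", salted["alice"]["key"] == salted["bob"]["key"])
    print("login still verifies:", check_password("letmein", salted["alice"]))
```

<p dir="ltr">With a per-password salt, one table built in advance no longer covers every account, and the round count sets the cost of each individual guess.</p>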