RE: Password generators

From: zcat@themall.co.nz
Date: 06/26/02


Date: Thu, 27 Jun 2002 09:40:59 +1200 (NZST)
From: <zcat@themall.co.nz>


>
> Plug in an easily remembered word and it spits out an 1337 version
> containing caps, lower-case, numbers, and non-alphanumeric characters.

NOOOOO!!!!

Surely it's obvious why this would be a BAD password. It's based on a
dictionary word, with simple, common letter substitutions. This is only
the next step up (common permutations) from a plain dictionary attack. If
you're going to use "h4<Km3" as a password, expect to get hacked.

Don't base your passwords on dictionary words, phonetic misspellings,
names, slang, etc. They're all well-known. Use something properly random;
I usually do a 'strings -8 /dev/urandom' and then pick something from the
first screenful that I think I can memorise. I know people advise never to
write down passwords, but I do and keep it down the back of my cellphone
for the week or so it takes me to memorise it. IMHO that's still a LOT
safer than having an easily-cracked password. But DON'T write it down on
a post-it note behind your monitor or under the keyboard!!
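An added example, not part of zcat's post, that puts numbers on the argument above: it counts how many distinct strings a leet-style substitution generator can make from one dictionary word and compares that guess space with a truly random password of the same length. The substitution table, the word "hackme" (standing in for the post's "h4<Km3") and the dictionary size are all constructed assumptions.

```python
"""Guess-space estimate: dictionary word + leet mangling vs. random string.
Added illustration, not code from the original mailing-list post."""
import math
import secrets
import string

# Assumed substitution table in the style of "h4<Km3": for each lowercase
# letter, the set of characters a generator might emit in its place.
LEET_MAP = {
    "a": "a4@A", "e": "e3E", "i": "i1!I", "o": "o0O",
    "s": "s5$S", "t": "t7+T", "k": "k<K", "h": "hH",
}

# 94 printable ASCII characters, excluding whitespace.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def leet_variants(word: str) -> int:
    """Distinct outputs a substitution generator can produce from one word:
    the product of the number of alternatives for each character.
    Letters not in LEET_MAP only vary by case."""
    total = 1
    for ch in word.lower():
        alternatives = LEET_MAP.get(ch, ch + ch.upper())
        total *= len(set(alternatives))
    return total


def leet_bits(word: str, dictionary_size: int) -> float:
    """Bits of guessing work for 'pick a word, then mangle it': an attacker
    who knows the scheme tries every word times every mangling."""
    return math.log2(dictionary_size * leet_variants(word))


def random_bits(length: int, alphabet: str = PRINTABLE) -> float:
    """Bits of guessing work for a uniformly random string."""
    return length * math.log2(len(alphabet))


def random_password(length: int = 8, alphabet: str = PRINTABLE) -> str:
    """Uniformly random printable password from the OS CSPRNG; the same idea
    as picking from 'strings -8 /dev/urandom', without the hand selection."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Assumed: a 100,000-word dictionary, which is small by cracking standards.
    print(f"hackme + leet: {leet_bits('hackme', 100_000):.1f} bits")
    print(f"6 random chars: {random_bits(6):.1f} bits")
    print("sample:", random_password(8))
```

With the constructed table, the mangled 6-letter word sits under 25 bits of guessing work against a 100,000-word list, whereas 6 random printable characters give about 39 bits.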