On 7/30/2012 5:14 AM, Henrique de Moraes Holschuh wrote:
> You need to have gibberish passphrases if you want it to be secure...

Gibberish implies one wouldn't be able to remember the password/phrase. What you want is something recognizable to you but gibberish to all others. I've been using such passwords for years.

The creation methodology is simple. Take a couple or few short acronyms familiar to you but obscure to the general population. Inject numbers associated with the things the acronyms identify. Use case variation on the alpha portions. Then add a special character to the front and rear, and some padding characters to increase length, as length is ultimately the key to unguessable passwords. For example:

...@AsCi6144Bm#---

That's 18 characters, not unwieldy, nor hard to remember, if you know what the component parts are and the special character and padding policies. Looks like complete gibberish yes?

According to https://www.grc.com/haystack.htm it will take *1.28 trillion centuries* at one hundred trillion guesses/second to brute force guess this password.

At http://www.passwordmeter.com/ it gets a 100% score and very strong complexity rating, although you can achieve this with this tool using a much less complex password.

--
Stan
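
The brute-force figure quoted in the message can be checked with a short calculation. This is an added example, not part of the original message or of the GRC tool; it assumes the estimate counts every string up to the password's length over the character classes present (26 lowercase, 26 uppercase, 10 digits, 33 symbols including space), and the function names are hypothetical.

```python
import string

# Assumed character classes: 26 + 26 + 10 + 33 (32 ASCII punctuation + space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
GUESSES_PER_SECOND = 100 * 10**12      # rate quoted in the message
SECONDS_PER_CENTURY = 36525 * 86400    # 36525 days of 86400 seconds

EXAMPLE = "...@AsCi6144Bm#---"         # the password from the message
CORE = "@AsCi6144Bm#"                  # same password without the padding


def alphabet_size(password):
    """Size of the union of all character classes that appear at least once."""
    known = set().union(*CLASSES.values())
    unknown = set(password) - known
    if not password or unknown:
        raise ValueError(f"empty or unsupported characters: {sorted(unknown)}")
    return sum(len(c) for c in CLASSES.values() if c & set(password))


def search_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n**k for k in range(1, len(password) + 1))


def centuries_to_exhaust(password):
    """Time to try the whole search space at the quoted guess rate."""
    return search_space(password) / (GUESSES_PER_SECOND * SECONDS_PER_CENTURY)


if __name__ == "__main__":
    for pw in (EXAMPLE, CORE):
        print(f"{pw!r}: length {len(pw)}, alphabet {alphabet_size(pw)}, "
              f"{centuries_to_exhaust(pw):.3g} centuries")
```

The result depends only on the length and on which character classes appear, so it is a bound on exhaustive search alone: the six padding characters account for a factor of roughly 95^6 between the two results.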