On Mon, Apr 18, 2011 at 12:11:24PM -0400, Robert J. Hansen wrote:
> On 4/18/2011 11:46 AM, Mark H. Wood wrote:
> > It's easy to build gadgets which yield passwords that are
> > mathematically very strong. The problem is that such passwords tend
> > to be psychologically and pragmatically weak: you'll never remember
> > "dishGhebJactotCerUnJodNavhahifbobTyWodvacushdojHashJakfawnairvak".
>
> I know lots of people who have memorized their 23-digit credit card +
> expiration date + security code. A Base-64 encoding of a 128-bit hash
> algorithm is 22 characters long.

Oh, sure -- I do that too. But the CC memorization problem seems a lot easier. First, it's all digits, not a typical Base64 mishmash. Second, it's not a 23-digit number; it's a 16-digit number, a date, and a 3-digit number. The hardest part by far is the 16-digit number. But since that number doesn't have any particular meaning to me *as a number*, it can be further broken down to a sequence of four four-digit sequences. Four four-digit numbers, a date, and a three-digit number doesn't sound difficult at all -- it's only six symbols. Chunking at useful level(s) can greatly assist learning.

OTOH if there are any useful groupings in "c2l4IHdvcmRzIGxvbmcuCg==" they are not readily visible to me. My eye tends to slide right past it without taking anything in.

This is why I tend to use something like APG to generate strings of nonsense *syllables*. If I can pretend it's a word, it's a lot easier for me to learn, because I can learn a handful of syllables instead of a long patternless jumble of individual characters. It engages auditory memory and can expose verbal handles for association.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
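
An added example, not part of the original message and not APG's algorithm: it renders 128 random bits as consonant-vowel syllables grouped into short chunks, so the 22-character Base64 figure quoted above can be compared with a chunked, pronounceable form of the same strength. The alphabet, the chunk size and the function names are assumptions made for this sketch.

```python
import math
import secrets

# Constructed alphabet (an assumption of this example, not APG's tables):
# 16 consonants = 4 bits, 4 vowels = 2 bits, so one syllable = 6 bits,
# the same as one Base64 character.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aiou"

def encode(data: bytes, per_word: int = 3) -> str:
    """Render bytes as consonant-vowel syllables, grouped into short 'words'."""
    nbits = len(data) * 8
    nsyll = math.ceil(nbits / 6)
    value = int.from_bytes(data, "big") << (nsyll * 6 - nbits)  # zero-pad the tail
    sylls = []
    for i in range(nsyll):
        six = (value >> (6 * (nsyll - 1 - i))) & 0x3F
        sylls.append(CONSONANTS[six >> 2] + VOWELS[six & 3])
    words = ["".join(sylls[i:i + per_word]) for i in range(0, nsyll, per_word)]
    return "-".join(words)

def decode(text: str, nbytes: int) -> bytes:
    """Inverse of encode(); raises ValueError on letters outside the alphabet."""
    letters = text.replace("-", "")
    if len(letters) != 2 * math.ceil(nbytes * 8 / 6):
        raise ValueError("wrong length")
    value = 0
    for i in range(0, len(letters), 2):
        value = (value << 6) | (CONSONANTS.index(letters[i]) << 2) | VOWELS.index(letters[i + 1])
    return (value >> (len(letters) // 2 * 6 - nbytes * 8)).to_bytes(nbytes, "big")

def new_password(nbytes: int = 16) -> str:
    """128 bits from the OS CSPRNG by default, as 22 syllables in 8 chunks."""
    return encode(secrets.token_bytes(nbytes))

if __name__ == "__main__":
    pw = new_password()
    print(pw, "->", len(pw.replace("-", "")) // 2, "syllables")
```

The result is twice as many letters as the Base64 form (44 instead of 22) for the same 128 bits, traded for eight pronounceable chunks.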
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users