[Cryptography] Passwords are dying - get over it
Kent Borg
kentborg at borg.org
Wed Dec 25 08:45:27 EST 2013
Jonathan Thornburg <jthorn at astro.indiana.edu> wrote:
>What are the advantages & disadvantages of this (diceware) vs the old
>"think of a long sentence or phrase, and take the 1st letter of each
>word"
>scheme. E.g. "FDR was elected to 3 full terms as US president & also
>served part of a 4th term, but he was never vice-president" gives
> Fwet3ftaUp&aspoa4t,bhwnv-p
My problem is the "think of" part, I want a password that has been built from random data, not something I dreamed up. If the phrase really is memorable, it might be from The Lord of The Rings, and so part of a cracker list. (Your example appears not to be.) If it is something you made up and no one could anticipate, will it be memorable enough? Will you mess up a comma or preposition?
My solution is to have good *passwords* but realize they can be short. Encryption keys, however, are a different beast that must be far longer, so I try to have fewer I have to remember, mostly just the one I use to encrypt all the others. How many encryption keys do most normal people have?
-kb
--
Sent from my Turing machine.
More information about the cryptography
mailing list