[Cryptography] Passwords are dying - get over it

[Kent Borg]

Jonathan Thornburg <jthorn at astro.indiana.edu> wrote:
>What are the advantages & disadvantages of this (diceware) vs the old
>"think of a long sentence or phrase, and take the 1st letter of each
>word"
>scheme.  E.g. "FDR was elected to 3 full terms as US president & also
>served part of a 4th term, but he was never vice-president" gives
>  Fwet3ftaUp&aspoa4t,bhwnv-p

My problem is the "think of" part, I want a password that has been built from random data, not something I dreamed up.  If the phrase really is memorable, it might be from The Lord of The Rings, and so part of a cracker list. (Your example appears not to be.) If it is something you made up and no one could anticipate, will it be memorable enough? Will you mess up a comma or preposition?

My solution is to have good *passwords* but realize they can be short. Encryption keys, however, are a different beast that must be far longer, so I try to have fewer I have to remember, mostly just the one I use to encrypt all the others. How many encryption keys do most normal people have?

-kb

-- 
Sent from my Turing machine.