EvilZone
Hacking and Security => Tutorials => : f1x01 December 18, 2012, 03:51:35 PM
-
Hi, everyone. This is my first topic in this community. I'd like to tell you about a method that can make a super strong, easy-to-remember password. I don't know if anybody knew this before; I cooked it up myself. English isn't my first language, so if I did not express myself clearly, just look at the example. It's very simple.
When I talk about 'super strong', I mean it contains numbers, uppercase and lowercase alphabetic characters, and special characters, and it's long enough (if you want, it can be 30+ or even 100+ characters long).
When I talk about 'easy to remember', I mean you just need to remember several numbers.
Here we go. It just needs 4 steps.
step 1: Choose a simple password that only contains numbers. It can be your cell phone number or your birthday etc., just something easy for you to remember. For example, here we use: 12345678
step 2: Look at your keyboard and choose several groups of buttons, each group having 4 buttons. It can be any easy-to-remember sets, such as 1qaz 2wsx 3edc 4rfv 5tgb 6yhn 7ujm or 1234 qwer 5678 tyui 90-= op[] or 12zx 34cv 56bn 78m, 90./ For example, here we use 12zx 34cv 56bn 78m, 90./
step 3: Look at the password you selected in step 1. Convert each number to a 4-bit binary string. 12345678 to 0001 0010 0011 0100 0101 0110 0111 1000
step 4: Press the buttons you selected in step 2, according to the binary string. Here's the rule: for 0, just press the button; for 1, press Shift first, then press the button (or do the opposite).
For example (here we use the 1-for-Shift rule), 12zx 34cv 56bn 78m, 90./ and 0001 0010 0011 0100 0101 0110 0111 1000 equals 12zX 34Cv 56BN 7*m, 9),> 1@Zx 3$CV %6bn
Is 12zX34Cv56BN7*m,9),>1@Zx3$CV%6bn strong enough for you?
You just need to remember 12345678.
That's it. I call it Binkey. I hope you like it.
Sorry, I forgot to introduce myself. Here it is. I'm 'the computer guy' in a firm; my job is to make sure the intercom, computer network, website, management software, computers, fax machines, copying machines, telephone, even the coffee machine keep running. I have to design and update the website too. And I have some knowledge of C, C++, C#, network. I would like to learn more about hacking and security and also need help with Java programming. I will try my best to share my knowledge.
-
Very interesting. Probably not something I would ever use but it is simple enough to remember.
Also, you need to go post an intro before you get flamed.
-
I find your block of text... disturbing.
Would look much better with proper spacing and format. Also post an intro :)
-
I find your block of text... disturbing.
Would look much better with proper spacing and format. Also post an intro :)
It's actually a pretty interesting way to make a password. If it is OC of course.
-
Well this is insecure. Now that the public knows the algorithm you can just generate all possible number combinations up to a given length and convert them to those "secure" passwords using that algorithm to use in a dictionary attack lol
Also I think this was originally a con posted by someone who wanted easier access to machines who used this algorithm using dictionary attacks.
-
This is totally insecure now. Btw, @OP: are you sure you didn't just make your passwords available to the public? :P
-
I find this way too complicated for generating a password. First, most popular sites cut pword length at 15 chars. Second, if you want a secure password just use a passphrase, xkcd has the carbatteryhorsestaple example or you could be like Iceman: !! Onemancanmakeadifference!
Either way, it'd take trillions of years to crack according to that one website that tests that sorta thing.
-
Well this is insecure. Now that the public knows the algorithm you can just generate all possible number combinations up to a given length and convert them to those "secure" passwords using that algorithm to use in a dictionary attack lol
Also I think this was originally a con posted by someone who wanted easier access to machines who used this algorithm using dictionary attacks.
first: I don't know your step1 password.
second: You can choose your step2 string. even a sentence.
for example: 1 d0 l0v3 my d0g
then 1d0l 0v3m yd0g if your step1 password is 2015
then 1d)l 0v3m yd0G 1D0L
I can't see how to do 'using dictionary attacks'. If you do, please tell me.
This is totally insecure now. Btw, @OP: are you sure you didn't just make your passwords available to the public? :P
I never use the same password in different places. It's common sense ;D
I find this way too complicated for generating a password. First, most popular sites cut pword length at 15 chars. Second, if you want a secure password just use a passphrase, xkcd has the carbatteryhorsestaple example or you could be like Iceman: !! Onemancanmakeadifference!
Either way, it'd take trillions of years to crack according to that one website that tests that sorta thing.
It can be long and it can be short; you just make a short step 1 wordkey, like 3 chars, and you'll have a 12-char password. It seems complicated, but it's easy to do after a little practice. Maybe it does not fit everywhere, but I think it's useful in some places.
Staff note: Seriously? triple post? Edit button mothafucka... do you see it?
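The four steps from the opening post and the `2015` sentence example from the reply above, as an added Python example that is not part of the thread. It assumes a US keyboard layout and, for the strength comparison, that the step-2 key groups are known or guessable; `binkey`, `apparent_bits` and `effective_bits` are names chosen here.

```python
import math

# US-layout Shift map for the non-letter keys used in the thread's examples
# (assumption: other layouts type different symbols).
SHIFT = dict(zip("1234567890-=[],./", "!@#$%^&*()_+{}<>?"))

def press(key, shifted):
    """Character typed for `key`, with or without Shift held."""
    if not shifted:
        return key
    return SHIFT.get(key, key.upper())

def binkey(pin, groups, shift_bit="1"):
    """Steps 3-4: each PIN digit becomes 4 bits; each bit decides whether the
    matching key of the current group is shifted. Groups repeat cyclically."""
    out = []
    for i, digit in enumerate(pin):
        bits = format(int(digit), "04b")
        group = groups[i % len(groups)]
        out.append("".join(press(k, b == shift_bit) for k, b in zip(group, bits)))
    return "".join(out)

def apparent_bits(password, alphabet=94):
    """What a naive strength meter sees: length * log2(printable ASCII)."""
    return len(password) * math.log2(alphabet)

def effective_bits(pin):
    """Secret left once the key groups are known: only the decimal digits.
    A digit also uses just 10 of the 16 possible 4-bit Shift patterns."""
    return len(pin) * math.log2(10)

PIN = "12345678"                                    # step-1 example from the post
GROUPS = ["12zx", "34cv", "56bn", "78m,", "90./"]   # step-2 example from the post
# Note: on a US layout keys './' with bits 01 type '.?'; the post's string
# shows ',>' in that fifth group, so the outputs differ there.

if __name__ == "__main__":
    pw = binkey(PIN, GROUPS)
    print(pw)
    print(f"apparent:  {apparent_bits(pw):6.1f} bits ({len(pw)} chars)")
    print(f"effective: {effective_bits(PIN):6.1f} bits ({len(PIN)} digits)")
    print(binkey("2015", ["1d0l", "0v3m", "yd0g"]))  # sentence example
```

The gap between the two figures is the point of the disagreement in the thread: the output looks like a 32-character random string, but with known key groups it carries only the PIN's entropy, so the step-2 choice has to be treated as part of the secret.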
-
Seriously, use the edit function. There's no need to triple post; it looks awful.
-
I have a simpler way to create a password. For example, we all know what a mobile keyboard looks like:
(http://1.bp.blogspot.com/_1_9c-MJBXbw/TPtKE1VMNrI/AAAAAAAAAyA/gSKmHzbJiCg/s1600/559px-Mobile_phone_keyboard.svg.png)
Now, if your name is John, all you have to do is:
J - 51
O - 63
H - 42
N - 62
How do I get these numbers? J is placed on number 5 and it's the first of 3 letters. It's the same principle for the other letters as well. So basically you get: John - 51634262. You can make it more complicated by adding letters. It's all up to you. :D
-
My method..
Select a dictionary.. Not English, I use hindi.
Select a few words randomly.
make a funny sentence from it. that you can remember... Make use of punctuations and use some character other than "," in place of ",".
Now type the password.
You can choose the middle word, the last or the first word and use numerical ranks of the alphabet instead of the alphabet.
This way you are guaranteed an easy to remember password.
ex..
suar - pig
ghar - house
shahad - honey
so.. "suargharmeinshahadkharhatha!!"
english "pig eating honey at home!!"
now.. The middle word can be granted numerical rank instead..
:-)..
and you get an alphanumeric password..
though you need to know the ranks or positions of all alphabets...I knew them.. So no trouble..
-
During a password audit, it was discovered one of the employees had the following password:
MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento
When asked why such a long password she replied:
"I was told it had to be at least 8 characters long and contain at least one capital!"
I don't use a particular scheme to generate my passwords, I just use whatever word pops in, then think of a synonym which is from slang (therefore not in any language dictionary), add numbers and special chars. Maybe mix in uppercase letters as well.
-
During a password audit, it was discovered one of the employees had the following password:
MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento
When asked why such a long password she replied:
"I was told it had to be at least 8 characters long and contain at least one capital!"
(http://www.picgifs.com/graphics/l/laughing/graphics-laughing-306832.gif)
-
How do you guys determine a strong password?
If you guys are talking about strong against brute force and word listing attacks, then I think a password like
%%%%%"-"%%%%%
Or
)))))))))))"-"
would be the strongest.
Because brute force uses special characters at the end, and dictionaries don't have those words.
BUT I don't think the strongest password would be enough to protect our data forever, because every security system is secure for a small time.
SO in my opinion hiding our data would be the best idea to protect them.
-
derp ))))))) strongest password
Wrong! Dictionary attack uses whatever dictionaries you give it to use. It doesn't have to use words.
-
Wrong! Dictionary attack uses whatever dictionaries you give it to use. It doesn't have to use words.
I know that, but how can a dictionary.txt have the same special character combination that my password has?
And pls reply to my post on hiding files on Windows.
-
Length matters most after all.
(Don't quote this out of context ;) )
Daemon already mentioned xkcd, but there is also the explanation why, so I post it here:
(https://sslimgs.xkcd.com/comics/password_strength.png)
-
very interesting and helpful :)
-
Have u read "Mandiant_APT1_report"? This paper mentioned a Chinese hacker "DOTA"; the guy uses keyboard-based patterns as passwords, such as "!qaz@wsx".
Keyboard-based is insecure.
-
Actually statistically speaking any password that you can consciously remember is not secure.
More info: http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory
-
just a question... how many here actually have a 30+ char long secure password?
I don't...
-
I doubt anybody has that. I have a 25 char password only for my encrypted external drive and my encrypted local partition, but that's about it.
The whole point is that you don't have to memorize the password, so it can be 30 chars with no issues. I found the idea quite nice, although I'm worried about its practical implementation because of the differences between each person's subconscious mind.
-
just a question... how many here actually have a 30+ char long secure password?
I don't...
I have, but I use KeePassX. So no need to remember it.
-
I have, but I use KeePassX. So no need to remember it.
I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all your super secure passwords to all your super secure government documents..
-
KeePassDroid is a very good port of KeePass for android. Your password DB is much safer on the phone than in the computer.
I use it all the time as I have hundreds of different passwords... can't remember them all.
-
I could have sworn that I read a similar method that the OP had suggested from some old school text document that's a part of 1000 + hacker package :/
I think it was something to do with encrypting harddisk drives and the author used a string of words to make a common phrase or sentence in 1337 5p3ak.
-
I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all your super secure passwords to all your super secure government documents..
I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.
If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having safe passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I'd rather have one long password in my head. You won't get it, even if you cut my head off.
-
Just to make myself feel better I recently moved my keepass database onto a flashdrive instead of having it on my computer.
I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.
If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having safe passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I'd rather have one long password in my head. You won't get it, even if you cut my head off.
There is always the link Mordred posted to think about...