Author Topic: A method to make a super strong,easy to remember password  (Read 12842 times)

0 Members and 8 Guests are viewing this topic.

Offline rasenove

  • Baron
  • ****
  • Posts: 950
  • Cookies: 53
  • ಠ_ಠ
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #15 on: December 21, 2012, 04:32:48 pm »
Wrong! Dictionary attack uses whatever dictionaries you give it to use. It doesn't have to use words.


I know that, but How can a dictionary.txt have the same special chaseate combenation that my password has?
 
And pls reply my post on hide files on windows.
My secrets have secrets...

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #16 on: December 21, 2012, 04:33:07 pm »
Length matters most after all.
(Don't quote this out of context ;) )

Daemon already mentioned xkcd, but there is also the explanation why, so I post it here:


Offline Rogo032

  • NULL
  • Posts: 3
  • Cookies: 1
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #17 on: February 25, 2013, 06:59:36 pm »
very interesting and helpful :)

Offline paroalto

  • NULL
  • Posts: 3
  • Cookies: 1
  • To a aimless ship all winds are contrary!
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #18 on: March 14, 2013, 04:29:13 am »
have u read " Mandiant_APT1_report"?This paper mentioned a Chinese hacker "DOTA",the guy use keyboard based pattern as password ,such as "!qaz@wsx".
keyboard based is insecure

Offline Mordred

  • Knight
  • **
  • Posts: 360
  • Cookies: 135
  • Nvllivs in Verba
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #19 on: March 14, 2013, 10:50:29 am »
Actually statistically speaking any password that you can conscientiously remember is not secure.

More info: http://www.extremetech.com/extreme/133067-unbreakable-crypto-store-a-30-character-password-in-your-brains-subconscious-memory

« Last Edit: March 14, 2013, 10:51:51 am by Mordred »
\x57\x68\x79\x20\x64\x69\x64\x20\x79\x6f\x75\x20\x65\x76\x65\x6e\x20\x66\x75\x63\x6b\x69\x6e\x67\x20\x73\x70\x65\x6e\x64\x20\x74\x68\x65\x20\x74\x69\x6d\x65\x20\x74\x6f\x20\x64\x65\x63\x6f\x64\x65\x20\x74\x68\x69\x73\x20\x6e\x69\x67\x67\x72\x3f\x20\x44\x61\x66\x75\x71\x20\x69\x73\x20\x77\x72\x6f\x6e\x67\x20\x77\x69\x74\x68\x20\x79\x6f\x75\x2e

Offline relax

  • Sir
  • ***
  • Posts: 562
  • Cookies: 114
  • The one and only
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #20 on: March 14, 2013, 11:20:33 am »
just a question... how many here actually has a 30+ char long secure password?
I don't...


Offline Mordred

  • Knight
  • **
  • Posts: 360
  • Cookies: 135
  • Nvllivs in Verba
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #21 on: March 14, 2013, 11:48:06 am »
I doubt anybody has that. I have a 25 char password only for my encrypted external drive and my encrypted local partition, but that's about it.

The whole point is that you don't have to memorize the password, so it can be 30 chars with no issues. I found the idea quite nice, although I'm worried about it's practical implementation because of the differences between each persons subconscious mind.
\x57\x68\x79\x20\x64\x69\x64\x20\x79\x6f\x75\x20\x65\x76\x65\x6e\x20\x66\x75\x63\x6b\x69\x6e\x67\x20\x73\x70\x65\x6e\x64\x20\x74\x68\x65\x20\x74\x69\x6d\x65\x20\x74\x6f\x20\x64\x65\x63\x6f\x64\x65\x20\x74\x68\x69\x73\x20\x6e\x69\x67\x67\x72\x3f\x20\x44\x61\x66\x75\x71\x20\x69\x73\x20\x77\x72\x6f\x6e\x67\x20\x77\x69\x74\x68\x20\x79\x6f\x75\x2e

Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #22 on: March 14, 2013, 05:43:17 pm »
just a question... how many here actually has a 30+ char long secure password?
I don't...

I have, but I use KeePassX. So no need to remember it.

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #23 on: March 19, 2013, 07:05:28 pm »
I have, but I use KeePassX. So no need to remember it.

I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all you super secure passwords to all your super secure government documents..
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: A method to make a super strong,easy to remember password
« Reply #24 on: March 19, 2013, 07:40:05 pm »
KeePassDroid is a very good port of KeePass for android. Your password DB is much safer on the phone than in the computer.
I use it all the time as I have hundreds of different passwords... can't remember them all.
« Last Edit: March 19, 2013, 07:40:59 pm by Kulverstukas »

Offline an4rch1

  • Peasant
  • *
  • Posts: 75
  • Cookies: 12
  • I Love Debian!
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #25 on: March 20, 2013, 07:10:32 pm »
I could had sworn that I read a similar method that the OP had suggested from some old school text document that's a part of 1000 + hacker package :/


I think it was something to do with encrypting harddisk drives and the author used a string of words to make a common phrase or sentence in 1337 5p3ak.



Skids should check this site out!

http://www.catb.org/jargon/html/index.html


Offline Deque

  • P.I.N.N.
  • Global Moderator
  • Overlord
  • *
  • Posts: 1203
  • Cookies: 518
  • Programmer, Malware Analyst
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #26 on: March 21, 2013, 11:55:12 am »
I use that as well, but I have often wondered about how secure it actually is. I mean all it takes is cracking one password and then boom, there are all you super secure passwords to all your super secure government documents..

I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.

If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having save passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I rather have one long password in my head. You won't get it, even if you cut my head off.
« Last Edit: March 21, 2013, 11:57:02 am by Deque »

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: A method to make a super strong,easy to remember password
« Reply #27 on: March 28, 2013, 10:48:05 pm »

Just to make myself feel better I recently moved my keepass database onto a flashdrive instead of having it on my computer.

I think it is more secure than using weak and the same passwords all over on the web. The problem is that you can't do anything if the forum you are using is insecure, because the admin is a moron. But you can protect the password that you use for your keepass database.
I can not keep so many passwords in my head that I will take a different one for each website, which means without keepass one hacked website would be enough to get my credentials for other sites too.

If someone managed to get and crack your keepass database, he might as well have installed a keylogger or have stolen other stuff from your computer. You will be fucked up either way - no matter if you use keepass or not.
But I doubt that cracking the keepass database is possible in a realistic amount of time if your password is a secure one and is only in your head.
The alternative to not using keepass and having save passwords all over in the web would be writing down all of them on paper. In that case someone only needs to get that paper. So I rather have one long password in my head. You won't get it, even if you cut my head off.

There is always the link Mordred posted to think about...
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python