[148708] in cryptography@c2.net mail archive

Re: [Cryptography] Passwords are dying - get over it

daemon@ATHENA.MIT.EDU (Kent Borg)
Wed Dec 25 14:57:51 2013

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <alpine.BSO.2.03.1312241618380.15487@astro.indiana.edu>
From: Kent Borg <kentborg@borg.org>
Date: Wed, 25 Dec 2013 08:45:27 -0500
To: Jonathan Thornburg <jthorn@astro.indiana.edu>,
	Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

Jonathan Thornburg <jthorn@astro.indiana.edu> wrote:
>What are the advantages & disadvantages of this (diceware) vs the old
>"think of a long sentence or phrase, and take the 1st letter of each
>word" scheme.  E.g. "FDR was elected to 3 full terms as US president & also
>served part of a 4th term, but he was never vice-president" gives
>  Fwet3ftaUp&aspoa4t,bhwnv-p

My problem is the "think of" part: I want a password that has been built from random data, not something I dreamed up.  If the phrase really is memorable, it might be from The Lord of the Rings, and so part of a cracker list. (Your example appears not to be.) If it is something you made up and no one could anticipate, will it be memorable enough? Will you mess up a comma or preposition?

My solution is to have good *passwords* but realize they can be short. Encryption keys, however, are a different beast that must be far longer, so I try to have fewer I have to remember, mostly just the one I use to encrypt all the others. How many encryption keys do most normal people have?

-kb

-- 
Sent from my Turing machine.
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
