× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2002

Re: Need to generate passwords

From: "Leif Svalgaard" <leif@leif.org>
> From: PaulMmn <PaulMmn@ix.netcom.com>

> > My theory for a secure password is to randomly pick a word and attach
> > a number to it.  Grab any book, magazine, or dictionary.  Open a page
> > at random, close your eyes, and point.  That word, plus the page
> > number, is your new password.
> >
> > Secure?  Probably just as good as a randomly generated license-plate
> > number, and a lot easier to remember.
>
>
> no not secure at all. This type of password can easily be guessed in a few 
>seconds using a traditional "dictionary" attack.

Actually, Leif, this would be fairly secure, but not absolute.  The way the 
traditional dictionary attack works is to get someone's encrypted password, and 
then run the same encryption on every word in a dictionary file until you find 
a match, then you know their password.

This would be thwarted by the page number added to the word, but then all you 
would be to run this same thing 200 times, each time adding 1 to the word.  
First time "cat"  then "cat1"  then "cat2"

If you really want a secure password this way, find a word, any word, and 
change some of the inset characters to numbers, similar to 1337 speek.

Say we found the word "inside".  1nsid3.  I changed the 1st I to a 1, the e to 
a 3.  It would be fairly easy for the user to remember, just remember the word 
"inside", then it would not be hard for them to remember, oh yea, 1 for I, 3 
for e.

Notice I didn't change all the I's.  If it was known that all I's were changed 
to 1's, then just run a dictionary attack changing all I's to 1's, E's to 3's, 
etc...

Regards,

Jim Langston

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.