by jaybill
5124 days ago
I get annoyed when I can't use spaces, because my general password strategy is to click my link bar shortcut to Random Wikipedia Page, pick five or six words and use that as my password. Easy to remember, hard to guess, even harder to brute force. Thanks XKCD! I use KeePass to store passwords for the various things I use, and even though my hive is stored on a web server (uses SSL and requires a password, of course) for convenience, it has a well chosen, rotated password and a key file that I carry on a USB stick with my keys. I keep a backup of the key file in a safe physical location. No two passwords are the same and none is less than 16 characters. One nice thing about KeePass is that you can also store URLs and other arbitrary information in the hive. Should anything ever happen to me, my wife will automatically receive instructions on how to locate and access the hive (automatic email, dead man switch). KeePass also lets you set reminders so you can regularly change passwords.
To brute force your password, all somebody has to do is choose a starting word in Wikipedia and some number of consecutive words. This is log2(size of Wikipedia) + log2(entropy of your "5 or 6" distribution). This is less than 32 bits of entropy, or about a six character password in a 64 character alphabet, i.e. it's trivial to brute force this password if you have the hash.
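The estimate in the reply above, worked through as an added example (not part of either comment). It counts the guess space for a run of consecutive words from a known text, checks the closed form against a small constructed sample, and goes one step beyond the thread by comparing with words drawn independently from a fixed list. The 2-billion-word corpus size is an assumed round figure, not a measured count; 7776 is the Diceware list size.

```python
import math

def window_space(words, lengths=(5, 6)):
    """Count distinct passphrases formed by a run of consecutive words
    from a known text: one (start position, run length) pair each."""
    seen = set()
    for k in lengths:
        for i in range(len(words) - k + 1):
            seen.add(tuple(words[i:i + k]))
    return len(seen)

def window_bits(corpus_words, n_lengths=2):
    """Upper bound from the reply: log2(corpus size) + log2(length choices)."""
    return math.log2(corpus_words) + math.log2(n_lengths)

def independent_bits(vocab_size, k):
    """Entropy of k words drawn uniformly and independently from a list."""
    return k * math.log2(vocab_size)

def equivalent_chars(bits, alphabet=64):
    """Length of a uniformly random password over `alphabet` symbols
    that carries the same entropy."""
    return bits / math.log2(alphabet)

# Constructed sample text (not from the page): 12 distinct words.
SAMPLE = "the quick brown fox jumps over a lazy dog near some river".split()

# Assumption for illustration only: a 2-billion-word corpus.
ASSUMED_CORPUS_WORDS = 2_000_000_000

if __name__ == "__main__":
    n = window_space(SAMPLE)
    print(f"sample: {n} windows, bound {2 * len(SAMPLE)}, "
          f"{math.log2(n):.2f} bits")
    wb = window_bits(ASSUMED_CORPUS_WORDS)
    print(f"consecutive words, assumed corpus: {wb:.1f} bits "
          f"~ {equivalent_chars(wb):.1f} random chars (64-symbol alphabet)")
    ib = independent_bits(7776, 5)
    print(f"5 independent words from 7776: {ib:.1f} bits "
          f"~ {equivalent_chars(ib):.1f} random chars")
```

The run of words is cheap to guess because only the starting position and the run length are free choices; every later word is fixed by the text.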