
Re: One-line password generator



Hi,

Jude DaShiell wrote:
> We have a 20 character password here with at least two of each kind of
> symbol in it lowers uppers numbers and symbols.

If you produced it by a quite random method then my only potential
criticism would be the question how you memorize it without the risk
that it gets stolen.
(You should refuse to give any detail, of course.)

The problem with memorizable passwords is usually (*) that they stem from
a guessable base secret and then got modified by applying various good
advice, but without losing their property to be easily memorized.

This good advice is known to the attacker, too. The number of different
such advised methods is then an obstacle for enumeration.
The attacker has to try them, as he tries the guessable base secrets.
But that number is not large, compared to affordable computing power.
After all, one must be able to memorize the method which one used.
So it must be quite simple. Simple means few variations.

(*) If you have a very unusual mindset, then your memorizable passwords
    might be separate enough from the clusters of other people's memorizable
    passwords. Attackers try the most rewarding guesses first.
    If you are a plain memory genius:
    Congrats. Make a good random password and be safe.


Have a nice day :)

Thomas
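
Added example, not part of the message above or of the generator discussed in the thread: a Python sketch that draws a 20-character password under the quoted policy (at least two of each class) from the OS CSPRNG, counts exactly how many such passwords exist, and compares that with the "base secret times method" search space described above. The figures of 10**6 base secrets and 10**4 modification methods are assumptions chosen for illustration; the message gives no numbers.

```python
import math
import secrets
import string

# Character classes from the quoted policy: lowers, uppers, numbers, symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]          # 26 + 26 + 10 + 32 = 94
ALPHABET = "".join(CLASSES)


def meets_policy(pw, min_per_class=2):
    return all(sum(ch in cls for ch in pw) >= min_per_class for cls in CLASSES)


def generate(length=20, min_per_class=2):
    """Uniform over all policy-compliant strings: draw from the CSPRNG,
    reject and redraw until the policy holds (no positional bias)."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(pw, min_per_class):
            return pw


def count_compliant(sizes, length, min_per_class):
    """Exact number of strings of `length` with >= min_per_class characters
    from each class. ways[n] = compliant fillings of n positions so far."""
    ways = [1] + [0] * length
    for s in sizes:
        ways = [sum(math.comb(n, k) * s**k * ways[n - k]
                    for k in range(min_per_class, n + 1))
                for n in range(length + 1)]
    return ways[length]


def random_bits(length=20, min_per_class=2):
    return math.log2(count_compliant([len(c) for c in CLASSES], length, min_per_class))


def memorable_bits(base_secrets, methods):
    """Search space when a password is a guessable base secret run through
    one of a small set of memorable modification methods."""
    return math.log2(base_secrets * methods)


if __name__ == "__main__":
    print("sample:", generate())
    print("random 20-char, policy-compliant: %.1f bits" % random_bits())
    # Assumed figures, not from the message: 10**6 bases, 10**4 methods.
    print("memorable base + method:          %.1f bits" % memorable_bits(10**6, 10**4))
```

The policy constraint costs the random password less than one bit of its roughly 131, while under the assumed figures the memorable construction stays near 33 bits.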

