
Re: Can't create a password successfully.



On 4/3/22 14:05, ghe2001 wrote:

> Another password generator suggestion:
>
> I'm 79 and memory isn't what it used to be, so I find those "secure" passwords generated by computers to be less than optimal.
>
> I use a system that I claim can't be hacked by a dictionary search and almost certainly not by guessing, but will be easy to remember:
>
> Think of a line or two from a relatively obscure play or poem or song that you like.  A while back, a woman I needed a pw for used lines from an aria in one of Mozart's operas -- in Italian.
>
> Just take the first letters of the words, case included, and all the punctuation and stuff, and that's your pw.  You may need to add a few numerals to make the bank's pw checker happy.  When you want to use it, run the line(s) through your mind, and you remember the pw.
>
> If anyone on this list knows why that won't work, I'd sure appreciate knowing about it...


Mozart is famous enough that I expect transcripts of all of his works exist. And, that algorithm is common. Generating a dictionary for the pair is trivial; it's just a question of password length. I expect that serious crackers already have such.


Using a unique and unpublished phrase or sentence would preclude creating a dictionary. But, is there such a thing as a "unique and unpublished phrase or sentence" and how do you remember it forever?


Given defenses such as fail2ban(8), a dictionary is usable only if the attacker has obtained the salted password hash (e.g. /etc/shadow) and can do the work offline.


That said, the stories I read usually cite credential stuffing or phishing as the origin of breaches:

https://www.sentinelone.com/blog/7-ways-hackers-steal-your-passwords/


David
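
Added example, not part of the message above or of the thread: a self-check for the first-letters scheme, which tests whether a candidate password can be derived from a given published text and counts how few candidates that text yields. The sample text, the function names, the 6 to 16 word window and the handling of apostrophes and numerals are assumptions made for illustration.

```python
import math
import re

# Sample published text (public-domain sonnet opening), embedded so this runs offline.
SAMPLE_TEXT = """Shall I compare thee to a summer's day?
Thou art more lovely and more temperate:
Rough winds do shake the darling buds of May,
And summer's lease hath all too short a date."""

def units(text):
    """Per word: first letter (case kept) plus punctuation at the word's edges.
    Ignoring apostrophes inside a word is an assumption about the scheme."""
    out = []
    for tok in text.split():
        m = re.match(r"^(\W*)(\w)(.*?)(\W*)$", tok)
        if m:
            out.append(m.group(1) + m.group(2) + m.group(4))
    return out

def derivable(password, text, min_words=6):
    """Return the (first, last) word indexes whose initials spell the password
    once numerals are stripped, or None if the text does not produce it."""
    core = re.sub(r"\d", "", password)  # numerals added only to satisfy a checker
    u = units(text)
    for i in range(len(u)):
        acc = ""
        for j in range(i, len(u)):
            acc += u[j]
            if not core.startswith(acc):
                break  # this starting word cannot spell the password
            if acc == core and j - i + 1 >= min_words:
                return (i, j)
    return None

def candidate_count(text, min_words=6, max_words=16):
    """Number of contiguous word runs, an upper bound on the candidates
    this one text can produce under the scheme."""
    n = len(units(text))
    return sum(max(0, n - k + 1) for k in range(min_words, max_words + 1))

if __name__ == "__main__":
    print(derivable("SIcttasd?Tamlamt:42", SAMPLE_TEXT))
    n = candidate_count(SAMPLE_TEXT)
    print(n, "candidates, about", round(math.log2(n), 1), "bits before numerals")
```

The candidate count grows only linearly with the length of the text, which is why a password built this way from any published work carries little entropy once the scheme is known.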

