Posted: Fri May 18, 2007 8:54 am
by Alex!
I use patterns such as 0okmnji9 so I only need to remember the first letter :)

Alex

Posted: Fri May 18, 2007 8:57 am
by Chris Corbyn
I hadn't thought of this before, but using anything other than us-ascii is probably a bad idea for passwords. If a website which you're registered on switches from say, iso-8859-1 to utf-8 then the actual bytes you send will be different, making the MD5 hash of your password different.
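
The charset effect described in the post above, as an added example that is not part of the original thread. The function names and the sample password `pa¥s` are constructed for illustration, and MD5 appears only because the post names it.

```python
import hashlib
import unicodedata

CHARSETS = ("iso-8859-1", "utf-8")  # the two charsets named in the post

def md5_as_sent(password: str, charset: str) -> str:
    """MD5 of the bytes a browser submits when the form page uses `charset`."""
    return hashlib.md5(password.encode(charset)).hexdigest()

def survives_charset_switch(password: str, charsets=CHARSETS) -> bool:
    """True if every charset yields identical bytes, so a stored hash still matches."""
    try:
        return len({password.encode(c) for c in charsets}) == 1
    except UnicodeEncodeError:
        return False  # not representable in at least one of the charsets

def canonical_md5(raw: bytes, declared_charset: str) -> str:
    """Server-side mitigation (assumed design): decode with the charset the
    form actually used, normalise to NFC, and always hash the UTF-8 bytes."""
    text = unicodedata.normalize("NFC", raw.decode(declared_charset))
    return hashlib.md5(text.encode("utf-8")).hexdigest()

if __name__ == "__main__":
    for pw in ("0okmnji9", "pa¥s"):  # constructed sample passwords
        print(pw, survives_charset_switch(pw),
              [md5_as_sent(pw, c)[:8] for c in CHARSETS])
```

Pure us-ascii passwords encode to the same bytes under both charsets; `¥` is one byte in iso-8859-1 and two in utf-8, so the raw hash changes unless the server canonicalises before hashing.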

Posted: Fri May 18, 2007 9:20 am
by Luke
never have anyway. Please pardon my ignorance, but is there an easier way for somebody with an English (US) keyboard to enter non-ascii characters? How is it done?

Posted: Fri May 18, 2007 9:50 am
by onion2k
Hold down ALT and enter the character number. For example, to enter a Yen symbol hold ALT and enter 157 ... ¥

Posted: Fri May 18, 2007 9:50 am
by Luke
Oh yea, I remember that. I used to have to do that for Spanish class. :D

Posted: Fri May 18, 2007 10:34 am
by RobertGonzalez
onion2k wrote:Hold down ALT and enter the character number. For example, to enter a Yen symbol hold ALT and enter 157 ... ¥
FYI, on many systems, the numbers have to be entered on the number pad area of your keyboard, not on the numbers at the top of QWERTY.

As for me, all this talk about passwords has helped me forget about 97% of them, so I am changing all of my passwords to:

***************

Posted: Fri May 18, 2007 11:10 am
by TheMoose
Everah wrote:FYI, on many systems, the numbers have to be entered on the number pad area of your keyboard, not on the numbers at the top of QWERTY.

As for me, all this talk about passwords has helped me forget about 97% of them, so I am changing all of my passwords to:

***************
You stole my password! How the heck did you guess it so easily?

Posted: Fri May 18, 2007 11:17 am
by onion2k
That's the same password as I have on my luggage!

Posted: Fri May 18, 2007 11:45 am
by Mordred
As for me, all this talk about passwords has helped me forget about 97% of them, so I am changing all of my passwords to: Code:
***************
Bah, lamer! This one is WAY MORE secure than yours: ****************
alex wrote:I use patterns such as 0okmnji9 so I only need to remember the first letter
That's bad. They are not as random or as unpredictable as you may think. In fact, human beings are EXTREMELY BAD random number generators (http://scienceblogs.com/cognitivedaily/ ... number.php), almost worse than the one in onion2k's sig (http://xkcd.com/c221.html) ;)

It is trivial (as I have indeed done) to make a generator for these types of passwords, I can almost give you a credible statistic on how often people choose one of these. I suggest you use another method for generating random passwords - maybe using a computer random generator with good entropy.

Posted: Fri May 18, 2007 12:40 pm
by alex.barylski
Mordred wrote:
As for me, all this talk about passwords has helped me forget about 97% of them, so I am changing all of my passwords to: Code:
***************
Bah, lamer! This one is WAY MORE secure than yours: ****************
alex wrote:I use patterns such as 0okmnji9 so I only need to remember the first letter
That's bad. They are not as random or as unpredictable as you may think. In fact, human beings are EXTREMELY BAD random number generators (http://scienceblogs.com/cognitivedaily/ ... number.php), almost worse than the one in onion2k's sig (http://xkcd.com/c221.html) ;)

It is trivial (as I have indeed done) to make a generator for these types of passwords, I can almost give you a credible statistic on how often people choose one of these. I suggest you use another method for generating random passwords - maybe using a computer random generator with good entropy.
Ok guru :P

Put the proof in the pudding. I've an organized sequence of characters which means something to me on this site. Here is the MD5 hash even: 7aad5d40ded8605244759ccf7bd99c42

It's not even a random generated value, but quite the opposite.

Ready. Set. Go!

Posted: Fri May 18, 2007 1:52 pm
by matthijs
Hockey wrote:7aad5d40ded8605244759ccf7bd99c42
Ready. Set. Go!
I'll let Mordred do his calculations. In the meantime I'm wondering how on earth I'm going to remember this one let alone type this quickly, without spelling errors, in each password form I encounter ....

:wink:

Posted: Fri May 18, 2007 2:15 pm
by Mordred
Hockey wrote:Put the proof in the pudding. I've an organized sequence of characters which means something to me on this site. Here is the MD5 hash even: 7aad5d40ded8605244759ccf7bd99c42

It's not even a random generated value, but quite the opposite.

Ready. Set. Go!
You will notice that I said I have written a generator (and checker) for these types of passwords, not that I can crack the MD5 of any given one. I will nevertheless have a go at it, but first I'll need to do some metrics before I get back to you. Watch this space ;)

P.S. Meanwhile, as a preliminary test, I would like to know how "organised" is the sequence and what is the exact, or at least the approximate length of the string (say in increments of five). By "organised" do you mean that the characters are "chained" like in alex's string, or do they follow another, but similar in nature pattern (i.e. sequences of chained characters... how many chains if so?).

P.P.S. lowercase, uppercase or mixed?

Posted: Fri May 18, 2007 2:18 pm
by Luke
I use patterns such as 0okmnji9 so I only need to remember the first letter

I don't get it :(

Posted: Fri May 18, 2007 2:43 pm
by Mordred
The Ninja Space Goat wrote:
I use patterns such as 0okmnji9 so I only need to remember the first letter

I don't get it :(
Type it.

Okay, here's what my measures tell me. There are about 47mil 10-character strings made of one "chain" of characters. 9-char are 10mil, 8-char are another 2mil, and the rest are below one. So 1-10 character strings made of one chain are about 60 millions.
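
A password-policy check for the "chain" passwords discussed above, with a count of how many exist at a given length, as an added example that is not Mordred's code. The layout model (US QWERTY letters and digits, lowercase, a chain being consecutive touching keys) is an assumption, so its counts need not match the figures in the post.

```python
# Constructed layout model: each row is (keys, horizontal offset in
# quarter-key units), which approximates the stagger of a US QWERTY keyboard.
ROWS = [("1234567890", 0), ("qwertyuiop", 2), ("asdfghjkl", 3), ("zxcvbnm", 5)]
POS = {ch: (r, off + 4 * i)
       for r, (keys, off) in enumerate(ROWS) for i, ch in enumerate(keys)}

def adjacent(a: str, b: str) -> bool:
    """True if keys a and b touch: side by side, or overlapping on neighbouring rows."""
    (ra, xa), (rb, xb) = POS[a], POS[b]
    if ra == rb:
        return abs(xa - xb) == 4
    return abs(ra - rb) == 1 and abs(xa - xb) < 4

NEIGHBOURS = {a: [b for b in POS if adjacent(a, b)] for a in POS}

def is_keyboard_chain(password: str, min_len: int = 4) -> bool:
    """Policy check: flag passwords that are one unbroken walk over touching keys."""
    pw = password.lower()
    if len(pw) < min_len or any(ch not in POS for ch in pw):
        return False
    return all(adjacent(a, b) for a, b in zip(pw, pw[1:]))

def count_chains(length: int) -> int:
    """Number of distinct chains of exactly `length` keys (walks on the key graph)."""
    ways = {ch: 1 for ch in POS}  # chains of length 1 ending at each key
    for _ in range(length - 1):
        ways = {ch: sum(ways[n] for n in NEIGHBOURS[ch]) for ch in POS}
    return sum(ways.values())

if __name__ == "__main__":
    print(is_keyboard_chain("0okmnji9"))   # the pattern quoted in the thread
    for n in (8, 9, 10):
        print(n, count_chains(n), 36 ** n)  # chains vs. all 36-symbol strings
```

In this model no key has more than six neighbours, so the number of n-key chains is at most 36·6^(n-1), against 36^n for independently chosen characters.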

Posted: Fri May 18, 2007 11:17 pm
by Kieran Huggins
I have password tiers. The lowest tier (for 99% of web logins) is the name of the company that made my favourite mug. For everything SUPER-SENSITIVE like online banking or root access, I use a different password for each. There's really not that many, so it's not a big deal to remember.