[Novalug] Password Patterns

Joel Fouse joel@fouse.net
Wed Mar 5 10:15:46 EST 2008


Regarding keeping track of multiple passwords, I think I've mentioned
here before that I've found PasswordSafe (for Win) and Password Gorilla
(for Win/Linux/Mac/etc) to be invaluable tools.  They use the same
encrypted file format, so I can easily have a pwsafe db of, say,
administrative-type passwords and other info and put a copy on a thumb
drive for another admin who runs Windows.  Both apps can save and
categorize your passwords, and generate new random ones according to a
policy you can set.  I've got a bunch of passwords saved for various
personal e-commerce sites (you know, the ones that require an "account"
even though you'll probably never shop there again because you're buying
some one-time niche product like a lawnmower cover or something) that
are just random gibberish.  If one of those shops gets popped and the
password list scraped, there will be nothing useful on me there.

Now, if only I could get a Palm app to read the same format I'd be
set...

- Joel


On Wed, 2008-03-05 at 09:00 -0600, dwdurham@verizon.net wrote:

> "And then like a good little Nerd you save them all in a file named
> "passwords" on your desktop."
> 
> Actually what I did in the Windows world was store them on my Palm Pilot encrypted with a program called "Secret!" which uses 128 bit encryption. The program also has a random generator which I used heavily.
> 
> I have so far failed to get my Palm to talk to Linux and the author of "Secret!" has expressed no interest in porting to Linux anyway. So back to the drawing board as they say. 
> 
> I have begun experimenting with TrueCrypt to create an encrypted locker on a flash drive which I can move from machine to machine. I have it working on Windows machines but not Linux yet. Any suggestions or experience with this approach?
> 
> BTW, I am running Kubuntu but am too new to Linux to be set on one distro.
> 
> Dennis
> 
> =====================
> From: DonJr <djr1952@hotpop.com>
> Date: 2008/03/05 Wed AM 08:24:18 CST
> To: Tux Subscriber Dave Aronson <tux2dave@davearonson.com>
> Cc: novalug@calypso.tux.org
> Subject: Re: [Novalug] Password Patterns
> 
> On Wed, 2008-03-05 at 08:47 -0500, Tux Subscriber Dave Aronson wrote:
> > While we're chiming in on how we create passwords... what I do is take
> > some word (or better yet, short phrase) that the site reminds me of,
> > maybe even a double-jump.  Then I "1337ify" it.  (For the ungrokking,
> > that's "leetify", meaning to substitute digits that look like
> > letters.)  This is a common enough trick that I figure the h4x0rZ have
> > rainbow tables that take that into account.  So I give it a bit of a
> > twist, and only 1337ify every OTHER occurrence of 1337ifiable
> > characters, AND decrement them, by 1 the first time, 2 the second, and
> > so on.  Sure, it could be undone by automation, but the number of
> > specific combinations of such algorithms adds several bits to the
> > number of different rainbow tables they'd have to have.  (Actually,
> > my real algorithm is slightly different.  But you've got to go through
> > many guesses to get it right.  See what I mean?)
> > 
> > For example, let's suppose the name NoVaLUG reminds me of luggage,
> > which via Terry Pratchett becomes The Luggage.  With the space
> > squeezed out, and the remainder 1337ified every other occurrence, that
> > becomes 7h3Lu9g49e.  Decremented that becomes 6h2Lu8g37e.  You'd never
> > have guessed, would you?  But I can look at what is asking for my
> > password, be reminded of the original word, apply my transformation,
> > and Curly would say, viola!
> > 
> > Of course, one could apply the same sorts of transformations to
> > passwords created by other means, such as "take the first letters of
> > the opening line of your favorite song" (or some song the site reminds
> > you of).  Better yet if it's something you wrote, and you're not a
> > famous songwriter.  For instance, the entire Nantucket limerick
> > yields, with punctuation, TowamfN,Wdwslhcsi.Hswag,Wwhc,"ImewacIcfi."
> > normally, but the even harder
> > 69w3mfN,Wdw40hcs0.H3wag,Wwhc,"Im2w2c9cfi." after transformation.
> > 
> > -Dave
> 
> And then like a good little Nerd you save them all in a file named
> "passwords" on your desktop.
> 
> Also what about the problem of:
>  (The following is from "man passwd" )
>   The user is then prompted for a replacement password.
>   This password is tested for complexity.
>   As a general guideline, passwords should consist of 6 to 8 characters
>   including one or more from each of following sets:
>        ·  lower case alphabetics
>        ·  digits 0 thru 9
>        ·  punctuation marks
> 
> Notice the "Length limit".
> A lot of "passwd handlers" after a certain maximum number of characters
> ignore any additional input. Others even automatically FAIL a password
> that is too LONG.
> 
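
Added example, not part of the original thread and not code from PasswordSafe or Password Gorilla: a sketch of policy-driven random generation of the kind Joel describes, using the character classes from the quoted "man passwd" guideline, together with what a handler that silently ignores extra input actually keeps. The function names and the 8-character cap are assumptions for illustration.

```python
import math
import secrets
import string

# Character classes from the "man passwd" guideline quoted in the thread.
CLASSES = {
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "punct": string.punctuation,
}

def generate(length, required=("lower", "digit", "punct"),
             extra=string.ascii_uppercase):
    """Random password with at least one character from each required class."""
    if length < len(required):
        raise ValueError("length too short for the required classes")
    alphabet = "".join(CLASSES[c] for c in required) + extra
    # One guaranteed character per class, the rest from the full alphabet.
    chars = [secrets.choice(CLASSES[c]) for c in required]
    chars += [secrets.choice(alphabet) for _ in range(length - len(required))]
    # CSPRNG shuffle so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)

def effective(password, max_len):
    """What a handler that ignores input past max_len actually compares."""
    return password[:max_len]

def upper_bound_bits(length, alphabet_size):
    """Upper bound on entropy of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    pw = generate(20)
    alphabet_size = sum(len(v) for v in CLASSES.values()) + 26
    print("generated:           ", pw)
    print("bits at full length: ", round(upper_bound_bits(20, alphabet_size), 1))
    # Assumed cap of 8 characters: only the prefix contributes anything.
    print("kept by 8-char cap:  ", effective(pw, 8))
    print("bits after truncation:", round(upper_bound_bits(8, alphabet_size), 1))
    # Two different long passwords that share a prefix become identical.
    a, b = pw[:8] + "first-ending", pw[:8] + "other-ending"
    print("collide after cap:   ", effective(a, 8) == effective(b, 8))
```
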