Security Basics mailing list archives
Re: Password creating Theories
From: Neksus <neksus () gmail com>
Date: Wed, 16 Nov 2005 14:13:32 -0500
Jennifer, There is a technique that I really like but unfortunately I can't remember who invented it. It has a few steps and seems complex but when you get used to it, it is very effective (at least I think so) You basically take any 8 word phrase and make a "source" passphrase. For example: I like to eat hot-dogs while in New-York will become: IltehwiN Then you build a character array like this: (sorry if the formatting is bad) abcdefgh ijklmnop qrstuvwx yz123456 7890 Now the fun part is you can keep the same source passphrase but have different passwords by switching the first and last letters of the type of server you have. (you could switch the first 2 letters if you wished, up to you - the idea remains the same) For example, on a Windows server (letters: W and s), you would replace the "i" letter of the passphrase with "W" and replace "t" with "s" (as those letters match vertically). Your Windows password would then become IlsehwWN. For a Unix machine, the password would become IlteUwix. You can also decide if you capitalize the type of server (eg: Unix or unix would give a different password) So you can have a lot of different passwords using the same passphrase. You can keep a copy of the character array in your wallet as it's not easy to remember. I don't recommend this solution to end users but root/admins should be able to use it. If anyone knows the origin of this password technique or knows a site explaining it better that I do, please let me know. (N)
I am currently coming up with a new policy to create root/admin passwords for windows and linux boxes and would like to know your thoughts on the methods you use to create them. Thanks for any input!
Current thread:
- Re: Password creating Theories, (continued)
- Re: Password creating Theories Steve.Cummings (Nov 15)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories Andrew Williams (Nov 15)
- Re: Password creating Theories Saqib Ali (Nov 16)
- FW: Password creating Theories Christopher Carpenter (Nov 16)
- Re: FW: Password creating Theories Jonathan Loh (Nov 21)
- RE: Password creating Theories Andrew Williams (Nov 16)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories David Fiore (Nov 21)
- RE: Password creating Theories dave kleiman (Nov 16)
- RE: Password creating Theories dave kleiman (Nov 16)
- Re: Password creating Theories Neksus (Nov 16)
- RE: Password creating Theories Bob Kurth (Nov 16)
- Password creating Theories underwood-de (Nov 17)
- RE: Password creating Theories Andrew Williams (Nov 21)
- Re: Password creating Theories Steve.Cummings (Nov 15)