Security Basics mailing list archives

Re: Password creating Theories


From: Glenn English <ghe () slsware com>
Date: Wed, 16 Nov 2005 11:45:53 -0700

On Tue, 2005-11-15 at 15:56 -0600, ework0 wrote:

>> I ask the person whose password is being created to tell me the second
>> line of a favorite song, then use the first letters of the line, using
>> numerals where possible and including any punctuation.
>
> A better approach is to validate the passwords instead of applying methods to
> generate them. An intruder can find out what your method is and perform
> selective brute force cracking.

I simplified the algorithm a little for posting purposes. It doesn't
have to be a song; a poem or any favorite text will do. And it doesn't
have to be the second line.

We may try a few lines before finding one that meets the several
letters, numerals, punctuation, etc. criteria -- in other words, they
aren't picked totally at random, and they are validated.

A line from Casablanca, the second line of Robert Fitzgerald's
translation of Homer's Odyssey, the third line of "Hey Jude"...

I am laboring under the impression that this method generates extremely
secure, easily remembered, and easily changed passwords. If I'm wrong
I'd like very much to know about it -- and please don't do it by leaving
a README file in my root directory.

-- 
Glenn English
ghe () slsware com
GPG ID: D0D7FF20
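
The derive-then-validate loop described in the message above, as an added example that is not part of the original post. The word-to-numeral table, the minimum length, the character-class criteria and the sample lines are all assumptions; the post gives no specifics for any of them.

```python
import string

# Assumed substitutions: the post only says "using numerals where possible".
NUMERALS = {"one": "1", "won": "1", "to": "2", "too": "2", "two": "2", "for": "4",
            "four": "4", "ate": "8", "eight": "8"}
MIN_LENGTH = 8  # assumed threshold; the post gives no numbers

def derive(line):
    """First letter of each word, numerals where possible, punctuation kept."""
    out = []
    for token in line.split():
        core = token.strip(string.punctuation)
        if not core:                      # token is pure punctuation, e.g. "--"
            out.append(token)
            continue
        lead = token[:len(token) - len(token.lstrip(string.punctuation))]
        trail = token[len(token.rstrip(string.punctuation)):]
        out.append(lead + NUMERALS.get(core.lower(), core[0]) + trail)
    return "".join(out)

def validate(password):
    """Return the names of the criteria the candidate fails (empty = accepted)."""
    checks = {
        "length": len(password) >= MIN_LENGTH,
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in checks.items() if not ok]

def first_acceptable(lines):
    """Try lines in order, as the post describes, until one validates."""
    for line in lines:
        candidate = derive(line)
        if not validate(candidate):
            return line, candidate
    return None

# Constructed sample lines (not taken from any real song or poem).
SAMPLE_LINES = [
    "Walk slowly down the road",
    "We went down the river, and sang.",
    "Two owls waited for Dawn, then one flew off!",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(repr(derive(line)), "fails:", validate(derive(line)))
```

Passing these character-class checks says nothing about how guessable the source line is to someone who knows the method, which is the concern raised in the quoted reply.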

