Security Basics mailing list archives

Re: Password creating Theories


From: Neksus <neksus () gmail com>
Date: Wed, 16 Nov 2005 14:13:32 -0500

Jennifer,

There is a technique that I really like but unfortunately I can't
remember who invented it. It has a few steps and seems complex, but
when you get used to it, it is very effective (at least I think so).

You basically take any 8-word phrase and make a "source" passphrase.
For example:

I like to eat hot-dogs while in New-York
will become:
IltehwiN

Then you build a character array like this: (sorry if the formatting is bad)

abcdefgh
ijklmnop
qrstuvwx
yz123456
7890

Now the fun part is you can keep the same source passphrase but have
different passwords by switching the first and last letters of the
type of server you have. (you could switch the first 2 letters if you
wished, up to you - the idea remains the same)

For example, on a Windows server (letters: W and s), you would replace
the "i" letter of the passphrase with "W" and replace "t" with "s" (as
those letters match vertically). Your Windows password would then
become IlsehwWN. For a Unix machine, the password would become
IlteUwix. You can also decide if you capitalize the type of server
(eg: Unix or unix would give a different password).

So you can have a lot of different passwords using the same
passphrase. You can keep a copy of the character array in your wallet
as it's not easy to remember.

I don't recommend this solution to end users but root/admins should be
able to use it. If anyone knows the origin of this password technique
or knows a site explaining it better than I do, please let me know.

(N)

I am currently coming up with a new policy to create root/admin passwords
for windows and linux boxes and would like to know your thoughts on the
methods you use to create them.  Thanks for any input!
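The scheme above, written out as a small script so the two worked results in the message (IlsehwWN for Windows, IlteUwix for Unix) can be reproduced. This is an added example, not code from the poster; it assumes the array is read as eight columns and that the column a server-type letter sits in selects which position of the source passphrase it replaces, which is the reading under which both of the message's examples come out. Function names (`source_passphrase`, `derive_password`, `hamming`) are my own.

```python
"""Worked example of the "source passphrase + character array" password scheme."""

# The array from the message, flattened row by row: five rows of eight columns
# (the last row, "7890", is short). Column index is the key used below.
CHARSET = "abcdefghijklmnopqrstuvwxyz1234567890"
COLUMNS = 8


def grid_rows():
    """Return the array exactly as printed in the message, one string per row."""
    return [CHARSET[i:i + COLUMNS] for i in range(0, len(CHARSET), COLUMNS)]


def source_passphrase(phrase):
    """First letter of each of the 8 words, e.g. 'I like to eat ...' -> 'IltehwiN'."""
    words = phrase.split()
    if len(words) != COLUMNS:
        raise ValueError(f"need exactly {COLUMNS} words, got {len(words)}")
    return "".join(w[0] for w in words)


def column_of(ch):
    """0-based column of ch in the array. Lookup is case-insensitive because the
    array only lists lowercase letters; raises ValueError for characters outside it."""
    return CHARSET.index(ch.lower()) % COLUMNS


def derive_password(base, server_type):
    """Take the first and last letter of server_type; each letter's column in the
    array picks the passphrase position that letter overwrites. The letter keeps
    the case it was written with, so 'Unix' and 'unix' give different results."""
    if len(base) != COLUMNS:
        raise ValueError(f"source passphrase must be {COLUMNS} characters")
    chars = list(base)
    for letter in (server_type[0], server_type[-1]):
        # Edge case the message does not cover: if both letters land in the same
        # column, the second overwrites the first and only one substitution survives.
        chars[column_of(letter)] = letter
    return "".join(chars)


def hamming(a, b):
    """Number of positions in which two equal-length passwords differ."""
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    base = source_passphrase("I like to eat hot-dogs while in New-York")
    print("\n".join(grid_rows()))
    for kind in ("Windows", "Unix", "unix"):
        pw = derive_password(base, kind)
        print(f"{kind:8} {pw}  (differs from base in {hamming(base, pw)} positions)")
```

The `hamming` helper is there to make one property of the scheme visible: every derived password differs from the shared source passphrase in at most two positions, so the per-server passwords are closely related to each other rather than independent.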

