Re: Need to generate passwords

[Jim Langston <jlangston@xxxxxxxxxxx>]

From: "Leif Svalgaard" <leif@leif.org>
> From: PaulMmn <PaulMmn@ix.netcom.com>

> > My theory for a secure password is to randomly pick a word and attach
> > a number to it.  Grab any book, magazine, or dictionary.  Open a page
> > at random, close your eyes, and point.  That word, plus the page
> > number, is your new password.
> >
> > Secure?  Probably just as good as a randomly generated license-plate
> > number, and a lot easier to remember.
>
>
> no not secure at all. This type of password can easily be guessed in a few 
>seconds using a traditional "dictionary" attack.

Actually, Leif, this would be fairly secure, but not absolute.  The way the 
traditional dictionary attack works is to get someone's encrypted password, and 
then run the same encryption on every word in a dictionary file until you find 
a match, then you know their password.

This would be thwarted by the page number added to the word, but then all you 
would be to run this same thing 200 times, each time adding 1 to the word.  
First time "cat"  then "cat1"  then "cat2"

If you really want a secure password this way, find a word, any word, and 
change some of the inset characters to numbers, similar to 1337 speek.

Say we found the word "inside".  1nsid3.  I changed the 1st I to a 1, the e to 
a 3.  It would be fairly easy for the user to remember, just remember the word 
"inside", then it would not be hard for them to remember, oh yea, 1 for I, 3 
for e.

Notice I didn't change all the I's.  If it was known that all I's were changed 
to 1's, then just run a dictionary attack changing all I's to 1's, E's to 3's, 
etc...

Regards,

Jim Langston