genrating secure passwords (was Re: Password choices)

genrating secure passwords (was Re: Password choices)

Post by Richard Hargro » Mon, 02 Jul 1990 15:34:00

Most of the articles posted so far have discussed the ways of generating
bad passwords. Since at any given point in time I may have to be able to
log into as many as 20 different systems (each with a different password
of course; you wouldn't dare use the same password across multiple systems
would you? :-), I use a variant on the method suggested by the CompuServe
adminstrators. Their suggestion is to form your password from


where word1 and word2 are unrelated. The idea is that since the password
has semantic content, it will be easier to remember. Obviously this method
is easily varied (no I'm not going to tell you what my variation is :-).

For generating many, vaguely related passwords, the choices for the words
can come from two classes of words (example: sports and flowers -
"Sailing;Rose"). While the example lists two noun classes, verb or adjective
classes may be used also. Minor variations in the words of a base password
can then be used to generate closely related password groups (i.e. -
"sail;Roses"). This method can be used to generate clusters of passwords
that you can use with password aging systems.

Hope this helps others avoid the "Oh, no! What password am I using on this
system." syndrome.

richard hargrove
...!{ihnp4 | codas | cbosgd}!killer!richardh


1. combinatorics of UNIX passwords & secure passwords

What I'd like to see is a standard routine for translating a long
string of phonetic combinations into a 56- or 64-bit DES key.   If you
could pronounce any possible password, no password would be very
difficult to remember, and dictionary-based password guessing would be
pointless, since you would have to attack a fairly large subset of the



+1 415 477 5045

Fight to preserve your freedom to program: Join the League for

2. csh

3. Can't set root password- Password busy error -is not due to temp password file

4. Wanted: XConfig for Diamond Stealth 64 Video VRam (2 meg) S3 964

5. Password choices

6. Linux OSS/Free select and duplex bugs (and my fixes)

7. command prompt argument error handling

8. Password Choices

9. Password Choice

10. Password Choices

11. How to prevent bad password choices?

12. Network passwords (was Re: How can I set passwords from script/file?)