[prev in list] [next in list] [prev in thread] [next in thread]
List: gnupg-users
Subject: Re: A better way to think about passwords
From: Ingo =?iso-8859-1?q?Kl=F6cker?= <kloecker () kde ! org>
Date: 2011-04-18 19:45:07
Message-ID: 201104182145.07669 () thufir ! ingo-kloecker ! de
[Download RAW message or body]
[Attachment #2 (multipart/signed)]
On Monday 18 April 2011, Robert J. Hansen wrote:
> On 4/18/2011 1:02 PM, Mark H. Wood wrote:
> > Oh, sure -- I do that too. But the CC memorization problem seems a
> > lot easier. First, it's all digits, not a typical Base64 mishmash.
>
> YMMV, but to me a glyph is a glyph is a glyph.
>
> > Second, it's not a 23-digit number; it's a 16-digit number, a date,
> > and a 3-digit number.
>
> The date is usually encoded as four digits. On mine, for instance,
> it reads 0112.
Yes, it's four digits. But it's also a month (there are only 12) and a
year (which most likely is less than a few years later than today).
Therefore comparing four digits representing a date with a random group
of four digits without apparent meaning is a bit weird. Also, I'd
remember the date as January 2012 and not as Oh-One-One-Two.
> A 16-digit number, a four-digit number and a
> three-digit number turns into a 23-digit number. I personally chunk
> it into five groups of four and one group of three.
>
> > OTOH if there are any useful groupings in
> > "c2l4IHdvcmRzIGxvbmcuCg=="
>
> c2l4 IHdv cmRz IGxv bmcu Cg==, as six chunks of four, took me about
> fifteen minutes spread out over ninety minutes to memorize. However,
> it is not beyond the realm of possibility that I am a freak of
> nature. :)
No. You are actually slow. :-p
There are techniques which allow people trained in those techniques to
remember such a string of characters in a much shorter time, e.g. you
could "invent" a story with 22 words starting with the 22 characters.
As you wrote in another message: This doesn't come for free. One has to
train this.
FWIW, I have a fairly complicated totally random 20-character passphrase
(letter, digits, symbols) which I have memorized pretty quickly after
using it for a few days having to type it each time I start my computer.
(I memorized it without using any of those techniques I referred to
above.) Then again, I can't really tell you this passphrase. I can type
it (with all 10 fingers) but I couldn't tell it to you without
simulating typing it. Maybe I'm a freak of nature. :-)
Or maybe that's just how 10-finger-typing works.
Regards,
Ingo
["signature.asc" (application/pgp-signature)]
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic