Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!gatech!mcnc!rti!trt
From: trt@rti.UUCP (Thomas Truscott)
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING
Summary: Be sure to randomize your passwords
Message-ID: <3126@rti.UUCP>
Date: 14 Aug 89 14:40:18 GMT
References: <1919@aucs.UUCP> <737@rwing.UUCP> <1043@accuvax.nwu.edu> <3532@internal.Apple.COM>
Organization: Research Triangle Institute, RTP, NC
Lines: 28

> I like passwords that are created by using the first letter in each word
> of a sentence such as:
>
> "I like eating hot soup in the winter"
>
> So, the passwd would be "ilehsitw" ...

This approach is fine, so long as the resulting password is hard to guess.
The Bad Guy is aware of this style of password generation and is likely
to try it on everything in Bartlett's Familiar Quotations (for example).
So "pppapopp" may seem obscure, but "Peter Piper picked a peck of
pickled peppers" is not, and that matters too.

No problem, just randomize the password by changing or adding letters.
E.g. change the "pa" to "qb", yielding "ppqbpopp", which is only slightly
harder to remember but is much harder to guess. There are lots of
different ways to randomize a password, just make sure you choose a
random way!

The "ilehsitw" has about 36 bits of effective key according to an
"obviousness" detector that I wrote based on James Gillogly's routine
that uses frequency of English letter triples. Your mileage may vary,
but 36 bits is an excellent key compared to most, and the other
passwords (e.g. "IwaVTfmnc") are even better. Just make sure there
aren't sneaky ways to guess the password.

Tom Truscott
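The kind of "obviousness" detector described above, as an added illustration that is not Tom's or Gillogly's code: a letter-trigram model trained on a small constructed corpus scores a password by the surprisal of each letter given the two before it, capped at the brute-force cost of log2(26) per letter. The corpus, the add-one smoothing and the cap are assumptions of this example; it measures only English-letter predictability, so an acronym of a famous quotation still scores as random unless the attacker also tries a quotation list, which is exactly the "sneaky way" the post warns about.

```python
import math
from collections import Counter

# Constructed stand-in for an English corpus (assumption: a real detector
# would train on a large text; this only illustrates the method).
CORPUS = """
the quick brown fox jumps over the lazy dog peter piper picked a peck of pickled
peppers i like eating hot soup in the winter it was the best of times it was the
worst of times all that glitters is not gold to be or not to be that is the question
""".lower()

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
UNIFORM_LETTER_BITS = math.log2(len(ALPHABET))  # cost of one letter by brute force
UNIFORM_OTHER_BITS = math.log2(95)               # printable ASCII for non-letters

def train(text):
    """Count letter trigrams and their two-letter contexts, ignoring non-letters."""
    letters = "".join(c for c in text if c in ALPHABET)
    tri = Counter(letters[i:i + 3] for i in range(len(letters) - 2))
    ctx = Counter(letters[i:i + 2] for i in range(len(letters) - 2))
    return tri, ctx

def next_letter_bits(model, c1, c2, c3):
    """Surprisal of c3 after c1c2 with add-one smoothing, capped at the
    brute-force cost: a guesser can always fall back to trying every letter."""
    tri, ctx = model
    p = (tri[c1 + c2 + c3] + 1) / (ctx[c1 + c2] + len(ALPHABET))
    return min(-math.log2(p), UNIFORM_LETTER_BITS)

def effective_bits(password, model):
    """Estimate the bits of work a trigram-aware guesser needs for password."""
    bits = 0.0
    history = ""
    for c in password.lower():
        if c not in ALPHABET:
            bits += UNIFORM_OTHER_BITS
            history = ""            # a non-letter breaks the English context
            continue
        if len(history) < 2:
            bits += UNIFORM_LETTER_BITS  # no context yet: charge full cost
        else:
            bits += next_letter_bits(model, history[-2], history[-1], c)
        history += c
    return bits

MODEL = train(CORPUS)

if __name__ == "__main__":
    for pw in ["pppapopp", "ppqbpopp", "ilehsitw", "IwaVTfmnc", "thequick"]:
        print(f"{pw:10s} {effective_bits(pw, MODEL):5.1f} bits")
```

The numbers from a corpus this small are only illustrative; the ranking, not the absolute value, is what the toy model demonstrates.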