[lug] password generating techniques

durist at frii.com durist at frii.com
Wed Mar 21 09:04:49 MDT 2012

This is a really difficult problem, if you don't want to use a password 
wallet or a piece of paper (and there are good reasons for avoiding 

Diceware (http://world.std.com/~reinhold/diceware.html) is widely 
considered to be a good compromise between security/remember-ability.

On Wed, 21 Mar 2012 08:48:35 -0600, Davide Del Vento wrote:
>> /dev/random?
> Are you serious or are you kidding? (sorry, this sounds like
> http://en.wikipedia.org/wiki/Poe%27s_law )
> If you are kidding, fine :-D
> If you are serious, you missed the point. The discussion here is how
> can I *remember* tens if not hundreds of these passwords, not how can
> I generate them. Since I cannot remember them all, I see the 
> following
> options:
> 1) use weaker passwords, easier to remember
> 2) use a single strong password, shared among all the services I use
> 3) use a (mental) algorithm to generate site-specific passwords from 
> a
> single strong one
> 4) use a password manager like Kevin suggested
> 5) use something like OPLOP
> 6) write the strong passwords on a piece of paper
> Of course 1) and 2) are bad, you don't need me to tell you why. 3)
> could be ok, but being "mental" it must be easy and thus it can be
> easy to crack and it is only security by obscurity. I replied to 
> Kevin
> with my objections to 4) so I won't repeat myself. It looks like 5) 
> is
> the best choice, but I had the questions with which I started this
> thread. Option 6) adds the physical security problem to the computer
> security problem, and add the inconvenience of transporting this 
> piece
> of paper with me at all the time in a secure manner.
> Cheers,
> Davide
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 
> channel=#hackingsociety

More information about the LUG mailing list