Password creation


Post by dwhite » Mar 15th, '13, 17:30

As we all know, Linux is secure, but I'd like to share a trick I learned a few years ago that can make a password more secure. It's actually a combination of tricks that were suggested to me by Cliff Stoll in his book The Cuckoo's Egg and another Unix administrator from Sussex Uni.
We all know a strong password is a word not in a dictionary, but a misspelled word is less likely to be found, so stronger. Adding non-letters makes the password stronger.

Think of a word. Phonetic would be good (I was taught English using the ITA system, so my spelling and grammar are atrocious, but I'm good at this). Add a hyphen after every syllable, use a $ for any s and £ for any L. Cyclic or Scandinavian will have other opportunities. Now that's stronger than any random series of letters and you don't have to write it down to remember it.
Now I've assembled a GA 320M-H AMD Chip and an ASUS Geforce GT 710
dwhite
 
Posts: 276
Joined: Dec 8th, '11, 18:29
Location: Falmouth, Cornwall

Re: Password creation

Post by doktor5000 » Mar 15th, '13, 17:47

pwgen -By can also be used to create passwords which are easy to remember, but random combinations of all signs, and any length.
But, there are even easier methods, as e.g. explained in http://www.baekdal.com/insights/passwor ... -usability.

Quoting an excerpt:
Using more than one simple word as your password increases your security substantially (from 3 minutes to 2 months). But, by simply using 3 words instead of two, you suddenly got an extremely secure password.

It takes:

1,163,859 years using a brute-force method
2,537 years using a common word attack
39,637,240 years using a dictionary attack

It is 10 times more secure to use "this is fun" as your password, than "J4fS<2".
Cauldron is not for the faint of heart!
Caution: Hot, bubbling magic inside. May explode or cook your kittens!
----
Disclaimer: Beware of allergic reactions in answer to unconstructive complaint-type posts
doktor5000
 
Posts: 18041
Joined: Jun 4th, '11, 10:10
Location: Leipzig, Germany

Re: Password creation

Post by dwhite » Mar 16th, '13, 01:32

The trick I propose would have the same effect, increasing the number of characters. So "I'm_having_fun", although three words, is twelve characters. What any security adviser should do is demand users change passwords that are easy to remember, be it by using a pass phrase rather than a password; easy-to-remember passwords aren't written down. "I'm having fun" is exactly as secure as twelve random characters but could be scrawled on a postcard and pinned above your monitor, if it's with dozens of other postcards. But I do like the phrase thing; I didn't know that wrinkle.

Re: Password creation

Post by r0b0tl0ve » Apr 12th, '13, 02:37

This sounds like the xkcd password strength comic. The solidity of this idea depends largely on the dictionary size of possible words you're using:

http://skeptics.stackexchange.com/a/10524
r0b0tl0ve
 
Posts: 22
Joined: Apr 12th, '13, 02:00
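
Added example (not part of the thread or any poster's code): the dictionary-size point above, worked as entropy arithmetic for words picked uniformly at random. The word-list sizes, the 94-character printable alphabet, the guess rate and all function names are assumptions chosen for illustration.

```python
import math

# Constructed assumptions, not figures from the thread.
GUESSES_PER_SECOND = 1e10            # assumed offline guessing rate
SECONDS_PER_YEAR = 365.25 * 24 * 3600
PRINTABLE = 94                       # printable ASCII without the space


def passphrase_bits(dict_size, words):
    """Entropy of `words` words drawn uniformly at random from `dict_size` words."""
    return words * math.log2(dict_size)


def random_string_bits(alphabet_size, length):
    """Entropy of `length` characters drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def words_needed(dict_size, target_bits):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dict_size))


def fixed_rule_bits(dict_size, words, variants_per_word=1):
    """Entropy after a rewrite rule is applied to every word.

    A deterministic rule the guesser also knows (always s -> $) yields one
    output per word, so variants_per_word stays 1 and nothing is gained.
    Only a random choice between variants adds log2(variants) bits per word.
    """
    return words * math.log2(dict_size * variants_per_word)


def years_to_exhaust(bits, rate=GUESSES_PER_SECOND):
    """Time to try every candidate of the given entropy at `rate`."""
    return 2 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    target = random_string_bits(PRINTABLE, 6)   # six random printable chars
    print(f"6 random chars: {target:.1f} bits")
    for size in (1_000, 2_048, 100_000):        # assumed word-list sizes
        bits = passphrase_bits(size, 3)
        print(f"3 words from {size:>7}: {bits:5.1f} bits, "
              f"{years_to_exhaust(bits):.2e} years, "
              f"{words_needed(size, target)} words to match 6 chars")
```

The numbers only hold when the words are chosen at random; a phrase a person makes up has less entropy than the word-list size suggests.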

Re: Password creation

Post by dwhite » Apr 12th, '13, 12:46

Not really. You use words not in a dictionary and then misspell them. The dictionary would be in the cracker's possession.

Re: Password creation

Post by r0b0tl0ve » Apr 12th, '13, 19:49

You mean, like, misspelled, made-up words? I like it.