Jump to content


Check out our Community Blogs

Register and join over 40,000 other developers!


Recent Status Updates

View All Updates

- - - - -

Best Passwords?


  • Please log in to reply
25 replies to this topic

#13 Tor

Tor

    CC Devotee

  • Just Joined
  • PipPipPipPipPipPip
  • 448 posts

Posted 23 June 2008 - 05:42 AM

Wow Lissa, that is good information! Do you have a script that does this for you or do you do this manually?
  • 0

#14 LissaValerian

LissaValerian

    CC Resident

  • Just Joined
  • PipPipPipPip
  • 52 posts

Posted 23 June 2008 - 05:50 AM

Well, in my own business, because it's small, I handle this all manually.

At one of the large companies, we would do the passwords manually and then propagate them via scripts.

But now that you mention it, thats not a bad idea to write a script to generate something like that ....

Hmmmmmmmmm

:)

~ Lissa Valerian
  • 0

#15 Oigen

Oigen

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 105 posts

Posted 24 June 2008 - 05:05 AM

But if someone knows the system, it could be easily decrypted, wouldn't it?
  • 0

#16 LissaValerian

LissaValerian

    CC Resident

  • Just Joined
  • PipPipPipPip
  • 52 posts

Posted 24 June 2008 - 05:33 AM

But if someone knows the system, it could be easily decrypted, wouldn't it?


They'd have to know a couple of things:

1. the specific quote or pass phrase
2. how it was haxored up
3. what methodology used for digits at the end.

I'm sure that if you can script a password generator, you can script something to hack it.

I've just found my passwords to be a bit more difficult than most, and I've not had any complaints (other than that they were a bit complex - which really isn't a *bad* thing, lol).

Most of my coworkers complained that I was too literary, so I started using some movie quotes instead. I think they liked that better. LOL.

I just harrassed them and told them it was the only way I'd ever get them to read shakespeare. :-)
  • 0

#17 Oigen

Oigen

    CC Addict

  • Just Joined
  • PipPipPipPipPip
  • 105 posts

Posted 27 June 2008 - 12:35 PM

Ha ha, good method on getting someone read more Shakespeare these days. I might be interested in trying that myself :D
  • 0

#18 v0id

v0id

    Retired

  • Retired Mod
  • PipPipPipPipPipPipPipPip
  • 2313 posts

Posted 28 June 2008 - 01:39 AM

I do usually use somewhat the same method as Lissa, but not exactly like that. I wrote a script based on the method of Lissa. I've made some minor edits in it though. My own method is somewhat different, and I'll not talk anymore about it, or you'll be able to guess all of my passwords. ;-)


How it works:

1. Receive a "helping string," which can be a some phrase, quote, or whatever the user has in mind.
2. Count the amount of words in the string, and choose 1/3 of the words randomly.
3. The random words will result in numbers (which always are good in passwords, to make them stronger). The number will simply come from the length of the word.
4. The first letter of the rest of the words will simply be used.
5. Combine them all, and we have a good, strong and easy-to-remember password.


Why people will not be able to guess it, although they know the algorithm:

1. They'll have to know the "helping string."
(2. The words chosen for numerizing are randomly chosen)

The last one (2.) is in parentheses as it can be bruteforced easier than the first one (1.). The first one is almost unbruteforcable, as it's a creation of the user's mind.


An example:

Quote by Albert Eintein: "I do not know with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."

We can generate lots of different passwords using this quote. Each time it's run through the generator it will generate a new password, because the words are randomly chosen.

Here's some of the different passwords it generated: "I2nk44wW334bf3WWIw2fwsas," "1d3k4w7W334bfbWWIwb6wsas," "12nk4w7WW34bfbWWI4bfw6as," "I2n4wwwWW3wbf35WI4bfws37," "Idnkww7WW3wb7bW3I42fw63s," ...

They look a little cryptic at the first sight, but if you look carefully, and read how the simple algorithm works, you can see that it is actually pretty simple, and with a little practice you'll be able to remember complex passwords.
  • 0

#19 v0id

v0id

    Retired

  • Retired Mod
  • PipPipPipPipPipPipPipPip
  • 2313 posts

Posted 28 June 2008 - 01:39 AM

And here is the script:
# lipg.py
#  - Lissa-Inspired Password Generator

import sys
import random

if len(sys.argv) == 2:
    helpingString = sys.argv[1].split()
else:
    helpingString = raw_input("Enter helping string: ").split()

partsToNumerize = []
helpingStringLength = len(helpingString)
for notUseful in range(0, helpingStringLength / 3):
    while True:
        number = random.randint(0, helpingStringLength - 1)
        if number not in partsToNumerize:
            partsToNumerize.append(number)
            break

generatedPassword = ""
for index in range(0, helpingStringLength):
    if index in partsToNumerize:
        generatedPassword += str(len(helpingString[index]))
    else:
        generatedPassword += helpingString[index][0]

print "Generated password:   %s" % generatedPassword
And this is how to use it, using parameters:
$ python lipg.py "Your helping string"
...
And how to use it, using no parameters:
$ python lipg.py
Enter helping string: Your helping string
...
And if you want to get rid of the "python" in the beginning, you can chmod it:
$ chmod +x lipg.py
$ ./lipg.py "Your helping string"
...
$ ./lipg.py
Enter helping string: Your helping string
...

  • 0

#20 LissaValerian

LissaValerian

    CC Resident

  • Just Joined
  • PipPipPipPip
  • 52 posts

Posted 30 June 2008 - 11:21 AM

Wow! This is completely awesome! Love it! Thanks for coding this! :)

~LV



And here is the script:

# lipg.py
#  - Lissa-Inspired Password Generator
 
import sys
import random
 
if len(sys.argv) == 2:
    helpingString = sys.argv[1].split()
else:
    helpingString = raw_input("Enter helping string: ").split()
 
partsToNumerize = []
helpingStringLength = len(helpingString)
for notUseful in range(0, helpingStringLength / 3):
    while True:
        number = random.randint(0, helpingStringLength - 1)
        if number not in partsToNumerize:
            partsToNumerize.append(number)
            break
 
generatedPassword = ""
for index in range(0, helpingStringLength):
    if index in partsToNumerize:
        generatedPassword += str(len(helpingString[index]))
    else:
        generatedPassword += helpingString[index][0]
 
print "Generated password:   %s" % generatedPassword
And this is how to use it, using parameters:
$ python lipg.py "Your helping string"
...
And how to use it, using no parameters:
$ python lipg.py
Enter helping string: Your helping string
...
And if you want to get rid of the "python" in the beginning, you can chmod it:
$ chmod +x lipg.py
$ ./lipg.py "Your helping string"
...
$ ./lipg.py
Enter helping string: Your helping string
...


  • 0

#21 Guest_Jordan_*

Guest_Jordan_*
  • Guest

Posted 30 June 2008 - 01:13 PM

Wow, nice work v0id!
  • 0

#22 v0id

v0id

    Retired

  • Retired Mod
  • PipPipPipPipPipPipPipPip
  • 2313 posts

Posted 30 June 2008 - 10:05 PM

Wow! This is completely awesome! Love it! Thanks for coding this! :)

Wow, nice work v0id!

Thanks both of you. :)
  • 0

#23 dheeruyadav

dheeruyadav

    CC Regular

  • Just Joined
  • PipPipPip
  • 29 posts

Posted 02 July 2008 - 12:29 AM

I uses letters numbers and symbols
  • 0

#24 Guest_Wanch_*

Guest_Wanch_*
  • Guest

Posted 04 July 2008 - 05:22 AM

Can you give an example?
  • 0




Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download