On 02/17/2015 04:03 PM, Edward Ned Harvey (blu) wrote:
> Well, writing down passwords for a little while until you memorize it is good. Writing it down and keeping it around changes it from something you know, to something you have. You might as well write down a 256-bit random key, if you're not going to memorize it.

Except a 256-bit random is very difficult to type. Real words are much easier to type.

I have many of my passwords memorized, but it isn't a fixed set. My memory is more of a cache. When I don't use a password for a while, I will refer to my list; when I have been using it, I can type it by memory.

> Only takes 11 words to have cryptographic strength of 121. Everybody is capable of memorizing eleven words.

Harder than you make it sound. I have done it. It is easy to curve-fit a concept through three or four random words, but it gets a lot harder after that. It gets easy to start substituting a synonym or different form for one of the words. Also, when typing blind (i.e., no echo) it is easy to make a mistake and not know where in the sequence you made it. I have a quality encryption key that I type regularly, but not every day, and it is surprisingly hard to do. There is an optimal level of rest and caffeination that I don't quite know.

And speaking of encryption keys, don't confuse passwords with encryption keys.

A password is something you check against some oracle that can throttle the rate of its answers. That is why an ATM PIN of only 4 digits can offer good security. But an encryption key of 4 digits is worthless for anyone who is willing to work at it. Worthless as an encryption key but good as a password. The two are very different. Don't confuse them.

-kb

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
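
The password-versus-key distinction above, as an added example that is not part of the original message: the same 4-digit secret is checked once through a verifier that locks out after three failures, and once used to key a MAC whose tag is available offline. The PIN, salt, message, lockout limit and PBKDF2 iteration count are constructed values chosen for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SALT = b"constructed-salt"
SECRET_PIN = "7291"
MESSAGE = b"constructed sample message"

def derive_key(pin: str) -> bytes:
    # Key stretching multiplies the cost per guess by a constant;
    # it cannot add entropy to a 10,000-value keyspace.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), SALT, 200)

def make_tag(pin: str, message: bytes) -> bytes:
    return hmac.new(derive_key(pin), message, "sha256").digest()

class ThrottledOracle:
    """Password use: the verifier counts failures and locks the account."""
    def __init__(self, pin: str, max_failures: int = 3):
        self._pin = pin
        self._failures_left = max_failures

    def check(self, guess: str) -> bool:
        if self._failures_left <= 0:
            raise PermissionError("locked out")
        ok = hmac.compare_digest(guess, self._pin)
        if not ok:
            self._failures_left -= 1
        return ok

def online_guessing(oracle: ThrottledOracle):
    """Sequential guesses against the oracle; returns (pin or None, guesses answered)."""
    for n in range(10_000):
        try:
            found = oracle.check(f"{n:04d}")
        except PermissionError:
            return None, n          # the oracle stopped answering
        if found:
            return f"{n:04d}", n + 1
    return None, 10_000

def offline_search(tag: bytes, message: bytes):
    """Key use: whoever holds the tag can test every candidate; nothing throttles."""
    for n in range(10_000):
        if hmac.compare_digest(make_tag(f"{n:04d}", message), tag):
            return f"{n:04d}", n + 1
    return None, 10_000

if __name__ == "__main__":
    print("online :", online_guessing(ThrottledOracle(SECRET_PIN)))
    print("offline:", offline_search(make_tag(SECRET_PIN, MESSAGE), MESSAGE))
```

The online run stops after three answered guesses without recovering the PIN, while the offline run recovers it after walking part of the keyspace, which is why a short secret needs a rate-limiting verifier in front of it and must not be used directly as key material.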
