Or, just use Schneier's Password Safe program and let it generate all your passwords for you. I've been using it for years and I swear by it. I have hundreds of passwords stored in its files and they're all long and very complex.
http://passwordsafe.sourceforge.net/

On 22 March 2014 16:08, Greg Keogh <[email protected]> wrote:

> Folks, in Bruce Schneier's latest newsletter <https://www.schneier.com/crypto-gram-1403.html> there is a section at the end where he discusses the vulnerability of passwords. One of the links is to this interesting and frightening article:
>
> http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
>
> The hashes in this cracking test were made with plain old MD5, but even ignoring that, it's a sobering reminder of the progress in guessing and cracking hashed passwords. I was surprised to learn that salting the hashes doesn't offer much defence. I was amazed that they were using GPUs for hashing and a graph shows that they're faster than CPUs ... is that possible? After this I think the lessons are:
>
> * Schneier suggests you make passwords out of pieces of words and sentences to avoid predictable formats.
> * Use a more recent and computationally intensive hasher.
> * Don't let anyone steal your hashes.
> * Don't store the whole hash (I learned in Russinovich's book that msv1_0<http://dll.paretologic.com/detail.php/msv1_0>.dll only stores half a user's hash in the registry).
>
> *Greg K*
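
An added illustration of the "more recent and computationally intensive hasher" lesson in the quoted message (example code, not from either poster): it times one guess against salted MD5 and against scrypt from Python's standard hashlib, and shows storage and verification with a per-user salt. The scrypt cost parameters and all function names are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
import time

# Assumed scrypt cost parameters (not from the thread); tune to your hardware.
N, R, P = 2**14, 8, 1

def md5_salted(password: str, salt: bytes) -> bytes:
    """Fast salted MD5, the kind of hash used in the cracking test."""
    return hashlib.md5(salt + password.encode()).digest()

def scrypt_hash(password: str, salt: bytes) -> bytes:
    """Memory-hard hash: each guess costs about 16 MiB and many milliseconds."""
    return hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=32)

def new_record(password: str, hasher=scrypt_hash):
    """Return (salt, digest) for storage; the salt is random per user."""
    salt = os.urandom(16)
    return salt, hasher(password, salt)

def verify(password: str, salt: bytes, digest: bytes, hasher=scrypt_hash) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hasher(password, salt), digest)

def seconds_per_guess(hasher, trials: int) -> float:
    """Average cost of one guess against a single salted hash."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        hasher(f"guess{i}", salt)
    return (time.perf_counter() - start) / trials

if __name__ == "__main__":
    fast = seconds_per_guess(md5_salted, 20000)
    slow = seconds_per_guess(scrypt_hash, 5)
    print(f"md5:    {fast * 1e6:9.2f} microseconds per guess")
    print(f"scrypt: {slow * 1e6:9.2f} microseconds per guess")
    print(f"scrypt is roughly {slow / fast:,.0f}x more expensive per guess")
```
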
