Sorry, the message was truncated and I can not modify it. Here is the rest:
mario@svetlana [0] [/home/mario]
$ head -c 3 /dev/urandom | base64
w5eJ
Write it in a paper or leave it in the terminal. Invent a mnemonic for it or
just memorize as is. In this case, I can think of “_W_ill has _5_ fingers
in _e_ach _J_and (hand spelled wrong)”.
Several times through the day, try to remember the password and *then* look
at the paper or terminal to check. Allow yourself 1 day to memorize it, then
if you used a paper, either *eat it* or chew it until it is an homogeneous
blob and then spit it. Repeat this for several days. Your password at the end
is the *concatenation* of all these 4-character chunks in the order
generated.
If at some point you get a chunk that is hard to memorize, you can discard it
and try again. Discarding removes some entropy but I do not think it is
significant (as a *rule of thumb*: You can choose the “best” of 4 tries
for any block and lose only 2 bits of entropy; if you do this each block for
4 blocks, then you still have 88 bits of entropy). To assure that each chunk
gives the maximum amount of entropy (24 bits) you must commit yourself to use
whatever is generated, that is, without discarding. I recommend the “best
of 4” approach: I.e.: Generate 4 chunks each day and memorize the one you
prefer. The other 3 should be discarded.
Each chunk gives 24 bits of entropy. I recommend to use a 4-chunck long
password, for 96 bits of entropy. In my opinion, there is no point in a
longer password; the attacker would simply kidnap you and give you
amobarbital instead of trying brute force. 5 chunks give 120 bits, which is
IMO is enough for *any* password that can be trusted to a single person. For
stronger security requirements, one should instead require N of M good
passwords to unlock the ICBM and then distribute the individual passwords as
appropriate.
Regards.