Sorry, the message was truncated and I can not modify it. Here is the rest:

mario@svetlana [0] [/home/mario]
$ head -c 3 /dev/urandom | base64
w5eJ

Write it in a paper or leave it in the terminal. Invent a mnemonic for it or just memorize as is. In this case, I can think of “_W_ill has _5_ fingers in _e_ach _J_and (hand spelled wrong)”.

Several times through the day, try to remember the password and *then* look at the paper or terminal to check. Allow yourself 1 day to memorize it, then if you used a paper, either *eat it* or chew it until it is an homogeneous blob and then spit it. Repeat this for several days. Your password at the end is the *concatenation* of all these 4-character chunks in the order generated.

If at some point you get a chunk that is hard to memorize, you can discard it and try again. Discarding removes some entropy but I do not think it is significant (as a *rule of thumb*: You can choose the “best” of 4 tries for any block and lose only 2 bits of entropy; if you do this each block for 4 blocks, then you still have 88 bits of entropy). To assure that each chunk gives the maximum amount of entropy (24 bits) you must commit yourself to use whatever is generated, that is, without discarding. I recommend the “best of 4” approach: I.e.: Generate 4 chunks each day and memorize the one you prefer. The other 3 should be discarded.

Each chunk gives 24 bits of entropy. I recommend to use a 4-chunck long password, for 96 bits of entropy. In my opinion, there is no point in a longer password; the attacker would simply kidnap you and give you amobarbital instead of trying brute force. 5 chunks give 120 bits, which is IMO is enough for *any* password that can be trusted to a single person. For stronger security requirements, one should instead require N of M good passwords to unlock the ICBM and then distribute the individual passwords as appropriate.

Regards.

Reply via email to