Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!udel!rochester!bbn.com!nic!kira!emily!wollman From: wollman@emily.uvm.edu (Garrett Wollman) Newsgroups: comp.misc Subject: Re: (In)security of passwords Message-ID: <1991Apr11.024326.13581@uvm.edu> Date: 11 Apr 91 02:43:26 GMT References: <9336@rsiatl.Dixie.Com> Sender: news@uvm.edu Organization: University of Vermont - EMBA Computing Facility Lines: 25 This is why Americans should learn a foreign language (as if we/they don't have neough trouble with English!)... To choose a maximally-secure password, do as I do: 1. Pick two short, easy-to-remember words in a foreign language. It helps to know a language that nobody else knows, like Finnish. 2. Pick a convenient bit of punctuation. 3. Concatenate the three as . Provided you have secure password storage (i.e., no way for anyone to grab your password except for a few seconds while you are logging in), this method is secure against any possible kind of brute-force attack. [Obviously, the baddies can still watch over your shoulder--or worse over your Ethernet--while you type your password...] If there are, say, one million words in Finnish (I know there are many more than that, since you can make 10,000 forms from every verb), then there would be 10*10^6*10^6 = 10^13 = 10 trillion possibilities. If you know more than one foreign language.... -GAWollman Garrett A. Wollman - wollman@emily.uvm.edu Disclaimer: I'm not even sure this represents *my* opinion, never mind UVM's, EMBA's, EMBA-CF's, or indeed anyone else's.