Input files
alokito edited this page Sep 4, 2011 · 1 revision
- I find it helpful to use several books that I've read that are available from Project Gutenberg (all the more reason to read the classics!).
- It may be an even better idea to use four random names; see http://forums.xkcd.com/viewtopic.php?f=7&t=73384&p=2740553#p2740553
- Also see http://www.baekdal.com/tips/password-security-usability for a longer discussion on word-based security, and the January 2011 update http://www.baekdal.com/tips/the-usability-of-passwords-faq
- One improvement to a random system would be to screen out things that are known to be tried by established attacks. In this case, it would be nice to filter out any sequence of words that actually occurred in the source text. In the case of a random text string generator, it would be nice to filter out any passwords that contain actual words. These techniques would decrease the entropy a tiny bit, but would most likely make the password more resistant to naive brute force attacks.
- Many online systems have short password length limits, such as 16 characters. This is not easy to deal with; I have taken the first k letters of each word to get it under the limit. This certainly makes the password much weaker.
- Many online systems have special character and case requirements. I just add these in ad-hoc to the words. This likely makes the password somewhat stronger.
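
The screening idea above (rejecting word sequences that occur in the source text) can be sketched as follows. This is an added example, not this project's code: the sample text is constructed, all function names are hypothetical, and "sequence" is assumed to mean any two adjacent words. It also measures how much entropy the filter costs.

```python
import math
import re
import secrets

# Constructed sample standing in for a Project Gutenberg book.
SAMPLE_TEXT = ("it was the best of times it was the worst of times "
               "it was the age of wisdom it was the age of foolishness")

def load_source(text):
    """Return (sorted vocabulary, set of adjacent word pairs seen in the text)."""
    words = re.findall(r"[a-z]+", text.lower())
    return sorted(set(words)), set(zip(words, words[1:]))

def quotes_source(phrase, bigrams):
    """True if any two neighbouring words also sit side by side in the source."""
    return any(pair in bigrams for pair in zip(phrase, phrase[1:]))

def generate(vocab, bigrams, count=4, max_tries=1000):
    """Draw words uniformly with a CSPRNG; redraw while the phrase quotes the source."""
    for _ in range(max_tries):
        phrase = [secrets.choice(vocab) for _ in range(count)]
        if not quotes_source(phrase, bigrams):
            return phrase
    raise RuntimeError("filter rejected every draw; source text is too small")

def accepted_count(vocab, bigrams, count):
    """Count the phrases that pass the filter, without enumerating them."""
    ways = dict.fromkeys(vocab, 1)          # phrases of length 1 ending in each word
    for _ in range(count - 1):
        total = sum(ways.values())
        nxt = dict.fromkeys(vocab, total)   # any predecessor is allowed ...
        for prev, word in bigrams:          # ... except pairs found in the source
            nxt[word] -= ways[prev]
        ways = nxt
    return sum(ways.values())

def entropy_bits(vocab, bigrams, count=4):
    """(bits without the filter, bits with it) for uniformly drawn phrases."""
    return count * math.log2(len(vocab)), math.log2(accepted_count(vocab, bigrams, count))

if __name__ == "__main__":
    vocab, bigrams = load_source(SAMPLE_TEXT)
    print(" ".join(generate(vocab, bigrams)))
    print("bits before/after filter: %.2f / %.2f" % entropy_bits(vocab, bigrams))
```

Because rejected draws are simply redrawn, the surviving phrases stay uniformly distributed, so the second figure is the exact entropy of the filtered generator.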