Subject: Re: [gentoo-user] Coming up with a password that is very strong.
To: gentoo-user@lists.gentoo.org
From: Dale
Message-ID: <22f55689-62a8-f12b-53f2-7b542d2b1896@gmail.com>
Date: Sun, 10 Feb 2019 16:44:57 -0600

Mark David Dumlao wrote:
> On Mon, Feb 11, 2019 at 1:00 AM Andrew Savchenko wrote:
>> On Sun, 10 Feb 2019 10:27:32 -0600 Dale wrote:
>>> My password manager does that already. The password I was trying to
>>> come up with was the master password which I must easily remember, be
>>> secure and be easy to type. The other passwords I let the password
>>> manager generate and remember as well. I don't type those so they can
>>> be anything.
>> The line above is approximately the same how I got one of my master
>> passwords. It is not that hard to remember 30-40 random chars.
>> Just try typing them several hundred times. I'm serious.
> That's one of the problems of secure password generation is that human
> memory is used backwards. Things become encoded permanently in our
> memory after the fact that we've repeated them several times, but most
> password generation utilities require you to have perfect memory
> first, THEN use repetition to enforce it.
>
> Both a managed password / algorithmic approach gets this more
> humanely.
> You need to first have a reliable way to generate the
> password, and if you type it enough times, your brain will commit it
> to memory.
>

My biggest thing was to find a way to come up with it. Most use some famous quote or song and then each first letter or something with a few numbers and symbols thrown in. Thing is, I don't really have any of those. So, what I did, I based it on model numbers of some things I like. I threw in a few symbols as well just to make it harder. I might add, I used three password strength sites to sort of give me an idea on strength. I tried different methods to shorten the thing and make it easier to type as well. I actually ended up with a slightly shorter password but one that the meters said would be harder to crack. I might add, the difference was large. The original was something along the lines of thousands of years. The end result that was easier to type and slightly shorter was millions of years. I was able to put in more symbols. Those things help toughen up a password pretty quick.

What I find so interesting about this, everyone seems to have a slightly or even very different way of doing this. Even if a person is reading this list and taking notes, I wish them luck trying to guess our passwords. Given the variety of methods used, I don't see how any tool could be built that would guess any of our passwords in a short time frame either. Now if everyone else would put some effort into this instead of using "passw0rd" or something as silly as that, the internet would be a much safer place. I also ran up on some sites that discussed passwords that people commonly used and some are just laughable but so bad one should cry. Some people are just plain idiots. I might add, some sites restrict passwords in ways that keep a person from generating a really good password too. Some need to get with the current threat models instead of living in the past when security wasn't such an issue. Interesting thread.

Dale :-)  :-)