Passphrases That You Can Memorize — But That Even the NSA Can't Guess
Posted on 03/27/2015 9:21:39 AM PDT by Utilizer
For just daily use passwords, Gibson Research Corporation has a website that refreshes with a string of 63 or 64 random characters, and you can help yourself to as many as you like.
Then *these* logins and passwords you would keep in a secure file vault with greater decryption protection.
I might add that it is very useful to keep a “master key” hidden in perpetual archive storage on some unimpressive websites around the world. Just a seemingly random stream of characters that you put there from somebody else’s computer.
The NSA doesn’t “guess” at passphrases. The author has no idea what it’s talking about.
“The NSA calculates the hash key that's generated by your password”
Not even that. They use very high order math to simply decode your message. No key needed.
Boston Mississippi is easy enough to remember. Replace every other “i” and “o” with 1 or 0 and it makes it pretty secure.
Try Oklahoma City Minnesota or Islip Colorado.
Just re-read your post. What you are asking about is actually fairly common, and is called a dual-encryption scheme. Encrypting a file more than once using the same or differing passwords for greater security.
Using different passwords makes it more difficult to decrypt your file later if you do not recall which passwords were used and where, however.
There are other methods, but this article is simply discussing passwords, not methods of encryption.
Who is BB?
Useful, but then there’s still the problem of remembering the passwords.
Uh, no. That's not how hashes work.
In order to build a hash table for a target, you first have to know a lot of details, like the algorithm, the salt, and any additional padding. This will let you build a pre-computed table that will save you some work.
When you build a hash table, it is only good for the passwords you used to build the table. Fortunately for the NSA and other criminal crackers, a table of a few hundred passwords would let you break into most systems, because there is always at least one idiot who thinks that "password123" is a good password. If you have a decent password, you're not going to be able to precompute it.
It's been claimed, and I'd be surprised if it wasn't true that NSA and other criminal organizations have multi-gigabyte hash tables to facilitate certain types of dictionary attacks. Again, it's still not going to help if your password is D6nl^@9a[v76@X),.s*y.
Of course few people use passwords like that. I have certain passphrases that are more than 30 characters long. You'd be surprised at how quickly you can type a string if you enter it enough times.
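The precomputed-table point in the post above (a table is only good for the exact hash function, salt and password list it was built with, and a strong random password is not in it) can be shown directly. The following is an added example and not code from the thread or from the article it discusses; the "common password" list is constructed sample data, SHA-256 stands in for whatever hash the target actually uses, and real systems should use a slow, salted password hash (bcrypt, scrypt, Argon2) rather than a bare digest:

```python
import hashlib
import os

# Constructed stand-in for the "table of a few hundred passwords" the post
# mentions; sample data only, not a real leak.
COMMON_PASSWORDS = [
    "password", "password123", "123456", "qwerty", "letmein",
    "Boston Mississippi", "abc123",
]


def hash_password(password: str, salt: bytes = b"", algo: str = "sha256") -> str:
    """Hash salt||password with the given algorithm (bare digest, for illustration)."""
    return hashlib.new(algo, salt + password.encode()).hexdigest()


def build_table(words, salt: bytes = b"", algo: str = "sha256") -> dict:
    """Precompute digest -> plaintext for every candidate word.

    The table is only valid for this exact algorithm and salt; change either
    and every entry has to be recomputed.
    """
    return {hash_password(w, salt, algo): w for w in words}


def lookup(table: dict, digest: str):
    """Instant recovery if the digest is in the table, None otherwise."""
    return table.get(digest)


def crack_with_known_salt(words, salt: bytes, digest: str, algo: str = "sha256"):
    """Attacker who learned the salt must rebuild the table for that one salt."""
    return lookup(build_table(words, salt, algo), digest)


def demo():
    # Attacker's unsalted table, built once, reusable against any unsalted store.
    table = build_table(COMMON_PASSWORDS)

    # Victim 1: weak password, stored unsalted -> table hit.
    weak = lookup(table, hash_password("password123"))

    # Victim 2: same weak password, but stored with a random per-user salt.
    # The precomputed table knows nothing about the salt, so it misses.
    salt = os.urandom(16)
    salted_miss = lookup(table, hash_password("password123", salt))

    # Victim 3: random 20-character password (from the post), unsalted.
    # Not in any dictionary, so the table misses too.
    strong_miss = lookup(table, hash_password("D6nl^@9a[v76@X),.s*y"))

    return weak, salted_miss, strong_miss


if __name__ == "__main__":
    print(demo())
```

The salt does not make a weak password strong: `crack_with_known_salt` still finds "password123" once the attacker has the salt. What it does is force a fresh table per user, turning a one-time precomputation into per-account work, and a slow hash multiplies that per-account cost.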
That is why you use different passwords at different levels of activity.
For instance, the perhaps 10 or so passwords you use online for important sites, should be unmemorable characters in an unusual number greater than say 17 characters. If they are “junk” sites that do not have personal or financial information on them, they don’t need greater security, so can be throwaway logins and passwords.
Importantly, you DO NOT store these passwords on your computer, or let your browser store them, either. Instead, you keep them in a vault, typically 2 thumb drives, both of which are protected by your “dice” password.
This means it is far more likely that your password will be compromised by the online site than by you. So every one of these 17 character passwords should be “dated for freshness”, and changed periodically, say once each six months.
An unforgettable phrase can be used for passwords. “The right of the people to keep and bear arms shall not be infringed” gives “TROTPTKABASNBI”. Make a few letters lower case and a few into numbers, and you have “Tr0tPTK@Ba5nB1”. Pretty good security, and memorable after typing it a few times. I prefer to use something only slightly better than “password123” for non-financial sites with highly secure passwords for things that matter.
I’ve wondered that myself.
or slept with derek jeter.
Yep - and ‘password’ along with ‘1234’ are strong...