In any given password, you can determine the number of possibilities that hide the correct answer with the simple formula n = (v^p) - 1; where n is the number of possibilities, p is the number of characters in the password, and v is the number of possible values for each character.

Therefore, a good password needs to have lots of characters in it, and make full use of the possible values in each character. Now, how do you make a password which does this, is easy to remember, and doesn't use an obvious linguistic pattern that can be exploited with brute force? People don't like to remember huge complicated strings of letters and numbers, and no one puts up with the annoyance.

Here's my "How to make a password" tutorial:

Instead of using a "password", make a "passpattern". Take a look at how this password would be typed into your computer: qwSDcvGHyuJK7856 (it looks like a wave)
Instead of trying to memorize the string of characters, just remember the pattern your fingers made on the keyboard. To make the thing really hard to crack, add a flaw to the pattern.

Let's take a look at how hard it would be to crack:

26 letters in the alphabet, double that because you used caps, and add 10 for the numeric digits. There are 62 possibilities for each character. Our password is 16 digits long.
62^16 = 47672401706823533450263330815 possible wrong answers. Even if you could test a thousand million possibilities every second, you wouldn't be able to check every answer for billions of years. A dictionary-based attack fares even worse; you're not using words. Social Profiling doesn't work here... the password doesn't have a connection to your life in any way.

The downside: Passwords generated like this are much more vulnerable to "shoulder-surfers", since they operate visually.

Any thoughts on this would be great.

3. Just out of curiosity, how old are you? I'm sorry, you don't need to answer the question... But I'm guessing late teens. The reason: That's basic Math 12 if I'm not mistaken. I can elaborate on what you said... The science behind that formula is called a Permutation. It calculates the # of ways an event can take place. Now, if we apply this to passwords, it gets fun!!! Say you have a 3 letter password, using only letters... That means that there are 26 possibilities for each letter... 26^3 = 17576 possible combinations of those 3 letters (passwords). Pretty interesting huh? Now, if you include #'s and letters in a password and make it over 6 characters in length, this SIGNIFICANTLY increases the # of possible passwords, thus improving your computer's security.
Excellent post!!! Very thought provoking

4. I prefer to take a sentence of a song, or from a quote or anything else you can easily remember.

I'll use the title of a song for this example.

Frank Sinatra - The best is yet to come

then take the 1st letter of each word and make that your pass.
my example would become: FS-Tbiytc
I could also add the track number to make it longer and harder to crack.
It would become 006.FS-Tbiytc

This is easy and effective

5. For the person who said they are trying to write a keymap-based brute forcer....

When you test a pattern, run through the quick variations of it, then scramble the order in which the pattern appears. I would say there are more patterns to test (if they added a random char at some point during the pattern) than is feasible, but if you knew that the person had entered a pass that seemed like a pattern, it could narrow it. If I were a cracker, I might write a program that uses a GUI to let me quickly sketch an approximation of a pattern I saw the person type, and it could turn that to a keymap and try brute-forcing based on the inputted observation. Personally, I think that a pattern-based password is great for when you always enter it alone, but it is a lot easier to pick up on for a physical observer and shouldn't be used when you enter your password in another's presence/public place.

For the person who's having problems with pure-pattern passwords... Write a little program into your password-validation thing that does a quick check for obvious patterns on a keymap. Invalidate passwords that fail the test. If you're not really sure on how you'd go about writing such a program, PM me and I'll explain it in more detail (keep in mind I'm mostly a C/C++ person).
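The keyspace arithmetic from the opening post and the keyboard-pattern check proposed just above, written out as an added example (not any poster's code). It assumes a US QWERTY layout modelled as a plain grid, with the physical row stagger approximated by allowing a one-column offset between neighbouring rows; the thresholds in `looks_like_keyboard_walk` are arbitrary starting points.

```python
# Added example (not any poster's code): keyspace arithmetic from the
# opening post plus the keyboard-pattern check post 5 proposes for a
# password validator. Assumes a US QWERTY layout modelled as a plain
# grid; the physical row stagger is approximated by allowing a
# one-column offset between neighbouring rows.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Shifted letters map to the same key as lowercase, so caps do not break a walk.
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def keyspace(alphabet_size: int, length: int) -> int:
    """Wrong guesses before the last candidate: v^p - 1, as in the opening post."""
    return alphabet_size ** length - 1

def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second / (365 * 24 * 3600)

def _adjacent(a: str, b: str) -> bool:
    """True when two characters sit on neighbouring keys of the grid model."""
    pa, pb = KEY_POS.get(a.lower()), KEY_POS.get(b.lower())
    if pa is None or pb is None or pa == pb:
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1

def longest_walk(password: str) -> int:
    """Length of the longest run of consecutive adjacent-key characters."""
    best = run = 1 if password else 0
    for a, b in zip(password, password[1:]):
        run = run + 1 if _adjacent(a, b) else 1
        best = max(best, run)
    return best

def walk_fraction(password: str) -> float:
    """Share of transitions that land on an adjacent key; 1.0 is a pure walk."""
    pairs = list(zip(password, password[1:]))
    if not pairs:
        return 0.0
    return sum(_adjacent(a, b) for a, b in pairs) / len(pairs)

def looks_like_keyboard_walk(password: str, max_run: int = 4,
                             max_fraction: float = 0.5) -> bool:
    """Reject candidates that are mostly a keyboard walk, even with a 'flaw' added."""
    return longest_walk(password) > max_run or walk_fraction(password) >= max_fraction

if __name__ == "__main__":
    # The opening post's passpattern is caught; the song-title acronym from post 4 is not.
    for candidate in ("qwSDcvGHyuJK7856", "FS-Tbiytc"):
        print(candidate, longest_walk(candidate), round(walk_fraction(candidate), 2),
              looks_like_keyboard_walk(candidate))
```

Running it shows why the "flaw" in the pattern (the two digit pairs at the end) barely helps a validator: 13 of the 15 transitions in the wave password are still adjacent keys.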

6. I use the same method as Mcvay. Or I've used words and twisted them, battleship to bottlechop, for example. I have also used the method suggested by Sunflare, in that when setting the pass, I've used symbols, and memorised the finger movements, generally by saying the word (original) and typing the pattern. Biggest problem is that I want to have complex passwords, but that basic bone idleness kicks me in the ass every time, and I end up setting the pass to run for 6 months.
