|
#1
|
| Just for your interest/discussion. I have found a freeware program that quickly changes a user's small, easily remembered password into a more formidable one. You simply type in a short password into a password box, highlight it, and then press F8 (any Fn key can be chosen). The short password is then changed into a salted (you provide the string to salt it with) MD5 equivalent with the ability to choose the outcome length (8 - 32). I have a password that I always use and alter it with the same criteria that I get from each website. The program can be found here: http://cdn.simtel.net/pub/simtelnet/...SSOverride.zip |
|
#2
|
| Is it Windows only?? That would be a vulnerability in itself. |
|
#3
|
| On Mar 8, 11:32 pm, battles
> Just for your interest/discussion. I have found a freeware program
> that quickly changes a user's small, easily remembered password into a
> more formidable one. You simply type in a short password into a
> password box, highlight it, and then press F8 (any Fn key can be
> chosen). The short password is then changed into a salted (you
> provide the string to salt it with) MD5 equivalent with the ability to
> choose the outcome length (8 - 32). I have a password that I always
> use and alter it with the same criteria that I get from each website.
>
> The program can be found here:
>
> http://cdn.simtel.net/pub/simtelnet/...SSOverride.zip

Why on earth do people have such a hard time with choosing a password?

Look at this one:

Mhallifwwas

Too hard to remember you say? C'mon, gimme a break! That's crap! It's easy to remember it. That string is crafted from the FIRST character in EVERY word of:

Mary had a little lamb its fleece was white as snow

Mix it up a little! Use

Lh2ddtewpah?

It contains a number and a question mark. Sound secure? It should be. It stands for

Larry had 2 dozen dogs their ears were pink as hell?

That approach too tough for you folks? How about

Txtojlwftbd

That's the FIRST character of EVERY word found in the nonsensical sentence

The xray taken of Jim's leg was found to be defective

I think I can safely bet my life that none of those strings can be guessed or found in a dictionary anywhere in the world.

Surely EVERYBODY out there can come up with a nonsensical phrase or sentence that can be used in the same way. Choose one that contains a numerical digit and at least one punctuation character. Do that and you will be able to remember the most ridiculous strings imaginable.

Em |
|
#4
|
| In Message-ID:<954140ae-f32d-4a08-96b6-5bc9c33b4bd9@c19g2000prf.googlegroups.com>, Em
>Why on earth do people have such a hard time with choosing a password?

>How about
>
>Txtojlwftbd
>
>That's the FIRST character of EVERY word found in the nonsensical
>sentence
>
>The xray taken of Jim's leg was found to be defective
>
>I think I can safely bet my life that none of those strings can be
>guessed or found in a dictionary anywhere in the world.

Taking just that last example: It would be found in a brute-force search of alpha characters and has an entropy of about 63 bits. Not bad, but nowhere near the inherent strength of the 128- or 256-bit algorithms, themselves.

What I find especially odd, though, is this: If you take the stated entropy of English, you find that the original, full-written-out, 53-character passphrase has a LOWER entropy than that 11-character passphrase.

>Surely EVERYBODY out there can come up with a nonsensical phrase or
>sentence that can be used in the same way. Choose one that contains a
>numerical digit and at least one punctuation character. Do that and
>you will be able to remember the most ridiculous strings imaginable.

That helps quite a bit, but even adding numbers and up to 20 possible marks brings you up to only 70 bits of entropy. The OP's technique allowed for up to 128 bits, *and* (with the salt) the need to remember only one passphrase to generate different passwords for every use.

You could increase your entropy by increasing phrase length. The OP can't improve beyond 128-bit except by doing it twice with different phrases.

Of course, now that he's blabbed his technique, it's not as strong as it used to be. (For him, that is. It's quite strong for anyone else.) As a general rule, using *one* password-generating technique, and telling people what that technique is, has to give crackers clues to reduce their search's key space size.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position |
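
The entropy figures in post #4 and the derivation described in post #1, worked through as an added example; it is not code from the thread or from the linked program. It assumes the program outputs the hex MD5 of salt + password cut to the chosen length (the thread does not give the exact construction), takes 52 letters, 10 digits and 20 marks as the alphabets, and uses PBKDF2 with an illustrative iteration count as the slower alternative.

```python
import hashlib
import math

def charset_bits(length, alphabet_size):
    """Bits of entropy in a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)

def md5_site_password(master, salt, out_len=32):
    """ASSUMED construction: hex MD5 of salt + master, cut to out_len chars."""
    if not 8 <= out_len <= 32:
        raise ValueError("out_len must be 8..32, the range given in post #1")
    return hashlib.md5((salt + master).encode()).hexdigest()[:out_len]

def slow_site_password(master, salt, out_len=32, iterations=200_000):
    """Same idea with a deliberately slow KDF, so each guess costs more."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt.encode(),
                              iterations, dklen=16)
    return raw.hex()[:out_len]

def effective_bits(master_bits, out_len):
    """Search cost is capped by the master secret and by the hex output."""
    return min(master_bits, 4 * out_len)

if __name__ == "__main__":
    letters = charset_bits(11, 52)             # Txtojlwftbd: upper + lower
    mixed = charset_bits(11, 52 + 10 + 20)     # plus digits and 20 marks
    print(f"11 letters: {letters:.1f} bits, with digits/marks: {mixed:.1f} bits")
    # Constructed sample inputs; the salt stands in for per-site criteria.
    for site in ("example.com", "example.org"):
        print(site, md5_site_password("Txtojlwftbd", site, 16),
              slow_site_password("Txtojlwftbd", site, 16))
    for n in (8, 16, 32):
        print(f"{n} hex chars -> at most {effective_bits(letters, n):.1f} bits")
```

Under that assumption an 8-character output can carry at most 32 bits, and at any length the derived password is no harder to search than the master password fed into it.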
|
#5
|
| On Apr 1, 3:53 am, Arthur T.
> In

Snip, snip, snip . . .

Arthur T, you make no sense at all and what you say is bull****. Where do you find that crap and why do you use it to make yourself look like a fool?

Em |
|
#6
|
| In Message-ID:<5158aab3-78ae-4601-a837-0b8e4554ef70@v26g2000prm.googlegroups.com>, Em
>On Apr 1, 3:53 am, Arthur T.
>> In
>
>Snip, snip, snip . . .
>
>Arthur T, you make no sense at all and what you say is bull****. Where
>do you find that crap and why do you use it to make yourself look like
>a fool?
>
>Em

I am in awe of the razor-like intellect that parried my assertions and demolished my arguments with iron-clad, logical arguments.

P.S. Em's entire post was quoted, above.

P.P.S. Plonk.

--
Arthur T. - ar23hur "at" intergate "dot" com
Looking for a z/OS (IBM mainframe) systems programmer position |