A better way to think about passwords

Ingo Klöcker kloecker at kde.org
Mon Apr 18 21:45:07 CEST 2011

On Monday 18 April 2011, Robert J. Hansen wrote:
> On 4/18/2011 1:02 PM, Mark H. Wood wrote:
> > Oh, sure -- I do that too.  But the CC memorization problem seems a
> > lot easier.  First, it's all digits, not a typical Base64 mishmash.
> YMMV, but to me a glyph is a glyph is a glyph.
> > Second, it's not a 23-digit number; it's a 16-digit number, a date,
> > and a 3-digit number.
> The date is usually encoded as four digits.  On mine, for instance,
> it reads 0112.

Yes, it's four digits. But it's also a month (there are only 12) and a 
year (which most likely is less than a few years later than today). 
Therefore comparing four digits representing a date with a random group 
of four digits without apparent meaning is a bit weird. Also, I'd 
remember the date as January 2012 and not as Oh-One-One-Two.

> A 16-digit number, a four-digit number and a
> three-digit number turns into a 23-digit number.  I personally chunk
> it into five groups of four and one group of three.
> > OTOH if there are any useful groupings in
> > "c2l4IHdvcmRzIGxvbmcuCg=="
> c2l4 IHdv cmRz IGxv bmcu Cg==, as six chunks of four, took me about
> fifteen minutes spread out over ninety minutes to memorize.  However,
> it is not beyond the realm of possibility that I am a freak of
> nature.  :)

No. You are actually slow. :-p
There are techniques which allow people trained in those techniques to 
remember such a string of characters in a much shorter time, e.g. you 
could "invent" a story with 22 words starting with the 22 characters.

As you wrote in another message: This doesn't come for free. One has to 
train this.

FWIW, I have a fairly complicated totally random 20-character passphrase 
(letter, digits, symbols) which I have memorized pretty quickly after 
using it for a few days having to type it each time I start my computer. 
(I memorized it without using any of those techniques I referred to 
above.) Then again, I can't really tell you this passphrase. I can type 
it (with all 10 fingers) but I couldn't tell it to you without 
simulating typing it. Maybe I'm a freak of nature. :-)
Or maybe that's just how 10-finger-typing works.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20110418/1d7edbc8/attachment.pgp>

More information about the Gnupg-users mailing list