From owner-freebsd-current@FreeBSD.ORG Mon Apr 20 11:17:50 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 45DCF1065672 for ; Mon, 20 Apr 2009 11:17:50 +0000 (UTC) (envelope-from christof.schulze@gmx.net) Received: from mail.gmx.net (mail.gmx.net [213.165.64.20]) by mx1.freebsd.org (Postfix) with SMTP id 97DC68FC13 for ; Mon, 20 Apr 2009 11:17:49 +0000 (UTC) (envelope-from christof.schulze@gmx.net) Received: (qmail invoked by alias); 20 Apr 2009 11:17:47 -0000 Received: from dslb-094-223-211-253.pools.arcor-ip.net (EHLO eri.localnet) [94.223.211.253] by mail.gmx.net (mp057) with SMTP; 20 Apr 2009 13:17:47 +0200 X-Authenticated: #3549759 X-Provags-ID: V01U2FsdGVkX18LwVl2toML3ZEhaHbf0/PzQGk3n7zA+X1sVAWQzq QaGqzFHWwgkWz/ From: Christof Schulze To: freebsd-current@freebsd.org Date: Mon, 20 Apr 2009 13:17:41 +0200 User-Agent: KMail/1.11.2 (FreeBSD/7.1-BETA2; KDE/4.2.2; i386; ; ) References: <754723275-1240208442-cardhu_decombobulator_blackberry.rim.net-1046132361-@bxe1006.bisx.prodap.on.blackberry> <49EC305D.4010202@NLnetLabs.nl> <20090420162802.5959c7fa@icy.local> In-Reply-To: <20090420162802.5959c7fa@icy.local> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart3048890.ynbdBt7GOl"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <200904201317.44334.christof.schulze@gmx.net> X-Y-GMX-Trusted: 0 X-FuHaFi: 0.6 Subject: Re: OT: 2d password X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Apr 2009 11:17:51 -0000 --nextPart3048890.ynbdBt7GOl Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Am Montag 20 April 2009 11:28:02 schrieb K=E1=BB=B3 Anh, Hu=E1=BB=B3nh: > [ ways of generating passwords] > > Finally I get into 2-d moving on the keyboard as described in my first > post. I check some passwords in http://www.testyourpassword.com/ and see > that some stupid patterns on keyboard show a "STRONG" status. I event > get the BEST password with some simple moving around symbols and > letters. I good way to remember secure passwords was presented in the uptimes=20 magazine a while ago in an article about passwords and their security. Good passwords contain a lot of entropy. Also the entropy of letters in the beginning of words seems to be higher=20 than the entropy towards the end of words in western languages. The proposal that the author Thomas Maus is making is this: Pick a sentence and take the first character(s) from each word to be your=20 password. Example "I like doing laundry wednesday evening 8pm." the resulting password would be: "Ildlwe8p" It is easy to remember because the sentence is natural language. Also it is= =20 fairly easy to come up with. This article provides some good insights into the effectivity of password=20 policies. The bottom line is that the way these policies are used today=20 cause weaker passwords because they work against the user. In the end some= =20 proposals are made what to do to obtain better passwords and how to=20 implement a policy for stronger passwords. Regards Christof > > Though Athony said "qweasdzxc" is a popular I still wonder whether we > can use complex patterns on keyboard? And what's tool that help me to > check password strength? > > Regards, > > PS: !!WARNING!! > > Discussing this topic may cause your habits to be known by others. I > don't have intend to gather your information. Thank you for your > understanding. --nextPart3048890.ynbdBt7GOl Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (FreeBSD) iEYEABECAAYFAknsWdgACgkQpZfyPAmdZJlsoACgofTr2wv+T7TY/FUhPc+0E21y 7UoAn0iKWvVkcLT+20izdE+im+izJF+s =AaDF -----END PGP SIGNATURE----- --nextPart3048890.ynbdBt7GOl--