Friday, June 24, 2011

Password haystacks

I was listening to a Security Now podcast the other day, and security researcher Steve Gibson came up with a really interesting method for creating strong passwords that are easy to memorize. He calls his method 'Password haystacks'. The way it works is you start with a strong password and then pad it with easy-to-remember characters, so the real password is hidden like a needle in a haystack.

So let's start with a decent password: wa9PUCra

By applying the haystack method it becomes something like this:

======wa9PUCra======

or

......wa9PUCra......

or

A11111wa9PUCra11111A

The additional length dramatically increases the time it would take to crack the password using a brute force attack, because the number of candidates an attacker has to try grows exponentially with every character added. Obviously twenty random characters would be more secure, but most people can't remember a twenty character password. This method strikes a nice balance: a big increase in security without affecting the ability to remember the password.
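To put numbers on that claim, here is a small calculator I added for this post (it is not Steve Gibson's code). It estimates the brute-force search space the way a haystack-style calculator does: the alphabet is the sum of the character classes present in the password, and the attacker must try every string of length 1 up to the password's length. The four character classes and the guess rate of 10^12 per second are assumptions of this example.

```python
import string

# Character classes used to estimate the alphabet an exhaustive search must
# cover: if any symbol appears, the attacker has to include all symbols
# (assumption of this example, modelled on a haystack-style calculator).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Alphabet size implied by the character classes present in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Candidates a brute-force attack must try in the worst case: every string
    of length 1 up to len(password) drawn from the implied alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def years_to_exhaust(password: str, guesses_per_second: float = 1e12) -> float:
    """Worst-case time to exhaust the search space at an assumed guess rate
    (1e12 guesses/s is a constructed figure for a large offline cracking rig)."""
    return search_space(password) / guesses_per_second / SECONDS_PER_YEAR


def haystack_gain(base: str, padded: str) -> int:
    """How many times larger the padded password's search space is than the base's."""
    return search_space(padded) // search_space(base)


if __name__ == "__main__":
    base = "wa9PUCra"
    for pw in (base, "======wa9PUCra======", "......wa9PUCra......",
               "A11111wa9PUCra11111A"):
        print(f"{pw:22} alphabet={alphabet_size(pw):3d} len={len(pw):2d} "
              f"space={search_space(pw):.2e} years@1e12/s={years_to_exhaust(pw):.2e}")
    print(f"gain from '=' padding: {haystack_gain(base, '======wa9PUCra======'):.2e}")
```

The eight-character base falls to the assumed rig in minutes, while the padded forms take far longer than the age of the universe; the padding made of a single repeated character adds length without adding anything the user has to memorize.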

You can read more about it on Steve Gibson's site.
