How to get a strong password

I just had an interesting discussion of password strength with some former co-workers. Passwords are used everywhere and are usually very weak, but a former co-worker had an idea of a way to make them stronger that I hadn't heard before. (This is the Internet, so even if I added some emoticons and bracketed this with pseudo-XML like <attempt_at_humor> and </attempt_at_humor>, there would be someone who would think that this is meant to be serious. So I'll try to state in a very clear way that this is NOT meant to be serious. If you don't understand that by now, please go work for one of Voltage's competitors.) This person claimed that every password cracking tool that he had looked at did a brute force attack by doing a loop like this:

for c[1] = 1 to n

  for c[2] = 1 to n

    …

    try password c[1] || c[2] || … || c[m]

    …

  next c[2]

next c[1]

So his claim was that these progams start checking passwords like "aaaaaaaa" and go all the way up to "zzzzzzzz," for example. And because of this, his claim was that something like "zzzzzzzz" is the strongest possible password because it takes the longest time to crack. That's an idea that I hadn't heard before, but then there's probably a very good reason that I hadn't.

Leave a Reply

Your email address will not be published. Required fields are marked *