Found, a new rootkit

Pedro Fernandes Macedo webmaster at margo.bijoux.nom.br
Wed Apr 5 02:15:08 UTC 2006


Tim wrote:
> The last two being a key problem.  By now, I've amassed about a dozen
> passwords that I just cannot remember.  Even if I wanted to make
> memorable passwords, too many systems are so limited that you can't
> easily do it (e.g. passwords are too short, etc.).  Then there's the
> problem of remembering which password belongs to what account.  Writing
> them down, or writing down the reminder trick, becomes the only way to
> do so.
IMHO, the best way to create passwords (especially when you have a team
of sysadmins) is choosing a random fact about one of them (or the boss
or a common friend) and creating a sentence with it. For example, if Mark
loves a soccer team that never wins, a good password may be derived from
the sentence "Mark is crazy to like X soccer team". Then the password
could be Mic2LkX$t. Since the variety of symbols is quite low, we can
replace i by 1 or lowercase L, maybe add an exclamation mark before and
after (in a reference to the usage of question marks in the beginning
and end of sentences in Spanish, for example) and you can get something
like !Mlc2LkX$t!. It may not be a perfect password, but it is good enough
to memorize (just remember the sentence and the transformations done to
it) and you're good to go. We used this method on all passwords at my
last job, with one different set of passwords for each class of machines
we had (Sun, Linux servers, Linux clients, Windows clients, etc.) and even
today, 3 years after I quit that job, I still remember almost all the
passwords (which is quite a feat, since I have quite a lot of trouble
remembering names, dates, formulas... pretty much anything useful).

Another method I use is quite insane but secure (I've created two
passwords that I have used for the last four years and they have never
been broken). Find any app that generates a random sequence of characters
(keygens or other stuff like that can do the trick... maybe even a tail
-f /dev/random may be useful). If the generated sequence doesn't have
enough variety of symbols, add some more. Then try to find a way to
memorize that, using things like the phonetic alphabet, or by finding
substrings in the password which can be meaningful when examined alone.
Sometimes even reading the password out loud in other languages may help
(in my case, only after reading one of my passwords in English did I find
a good way to memorize it).

--
Pedro Macedo



