ARM Club 3

home *** CD-ROM | disk | FTP | other *** search

/ ARM Club 3 / TheARMClub_PDCD3.iso / programs / misc / rndpass / !RNDpass / !Help next >

Wrap

Text File | 1998-08-15 | 7KB | 138 lines

------------ + !RNDpass + ------------ Author : Tony Hopstaken <webracer@xs4all.nl> Support: Nat Queen <n.m.queen@birmingham.ac.uk> Version: 0.90, 15 August 1998 Status : FreeWare Updates: http://web.bham.ac.uk/N.M.Queen/pgp/acorn.html ______________________________________________________________________________ Why !RNDpass? ------------- The word 'password' in this document may also be interpreted as 'pass phrase' (see below). There are many encryption programs around, some with algorithms that are virtually unbreakable. So an attacker would look for the weakest link, which is the password. A password needs to be as strong as possible but easy to remember. !RNDpass tries to give some *ideas* for your password. ______________________________________________________________________________ Setting up !RNDpass? -------------------- The program is already set up for English. The word list is in the file Wordlist. This may be replaced by any other ASCII word list. You may alter the list too. If you speak more languages, you may want to merge different lists. The program accepts anything in ASCII. Some additional word lists, including lists in Dutch, German, French and other languages, can be found at ftp://sable.ox.ac.uk/pub/wordlists. ______________________________________________________________________________ Password passphrase. -------------------- Some programs allow you to enter only one word for a password. Some allow whole sentences. Those are called (surprise) pass phrases. If you need a password, this program may seem to be of no use to you. A single word is to easy to guess. But you can simply generate a pass phrase and then strip the spaces. ______________________________________________________________________________ How to use !RNDpass? ------------------- Most of the options are pretty self-explanatory. • Number of words..... • Minimum word length • Maximum word length Make sure the file Wordlist contains words in the specified range. • Maximum number of words to try If no words in the specified range are found after this number of tries, the search will be aborted. • Use special chars To make the resulting password stronger some special characters (!"£$....) are slipped in. • Use caps To make the resulting password stronger some random capitals are slipped in. • Use smilies To make the resulting password stronger some smilies are slipped in. • Percentage added..... This option inserts a certain percentage of 'Use...' things. The total number of insertions is roughly x% of the password length. • Information ('i') icon Clicking on this icon opens this !Help file. • Light-bulb icon Clicking on this icon opens a file !Tips containing some ideas about how to make a pass phrase stronger. ______________________________________________________________________________ Running !RNDpass from within an archive. ---------------------------------------- !RNDpass is a fairly large program, mainly because of the long file Wordlist. It may become even larger if you merge additional word lists. If you are short of disc space, you can run !RNDpass from within an archive, provided you have !SparkFS or a similar filing system. The archive will occupy only a fraction of the space of the original application, since the large text file Wordlist compresses very efficiently. There may be a noticeable reduction in speed, but this is a small price to pay, since it should not be necessary to use this program frequently. ______________________________________________________________________________ Making things as secure as possible. ------------------------------------ First of all, make sure nobody is around when generating your password. Even if someone else knows that you don't use caps, this is a weakness. The ultimate password is a completely random set of characters like 'hLHLK7^*^*"LK¹²³œKlJKLh&'. This is most secure, but hard to remember. So we need to find something strong that's relatively easy to remember. Take a normal phrase like "Bill Gates owns Microsoft". Lots of people associate Bill Gates with money, which suggests s=$ and L=£. There are also a lot of nicknames for MickeySnot. In some newsgroups, words like 'ruleZ' are popular. This suggests a modified pass phrase like "Bi££ Gate$ ownZ MickeySoft". That's less easy to guess, but perhaps still a little too obvious. This example is only meant to show that a lot can be done to disguise a simple pass phrase. If you know more than one language, a mix of them may be very effective. ______________________________________________________________________________ Okay, I understand, but why is this necessary? ---------------------------------------------- One of the most popular, simple and effective attacks on a password (phrase) is to use a dictionary to test all possible words or word combinations. Some more sophisticated programs can even use grammatical rules to look for meaningful sentences. There exist some very comprehensive dictionaries for password cracking, some of which even contain common incorrect spellings. This is why it's best to try to make your pass phrase look like nonsense. ______________________________________________________________________________ How long should my pass phrase be? ---------------------------------- That depends on a number of factors, such as how easy it is supposed to be to remember, how secure it is supposed to be, and how 'random' it looks. The occurrence of any special characters (non-alphabetic), nonsense words or other meaningless collections of characters will greatly increase the security of your pass phrase. But even if you use only real words from a dictionary as large as the one included in !RNDpass, a pass phrase consisting of 6 or more random words is likely to be unbreakable by any serious attacker (even if the attacker knows which dictionary you used), because of the huge number of possible combinations to try. However, you should still try to avoid pass phrases which consist of only very short words or which have a natural grammatical structure. ______________________________________________________________________________ Some additional tips. --------------------- More detailed advice about pass phrases, and some simple tips for creating good ones, can be found in the accompanying document '!Tips'. ______________________________________________________________________________ Legal notice. ------------- !RNDpass is freeware. The copyright is retained by the author, Tony Hopstaken. You may copy and distribute this software freely as long as none of the files are altered or removed. If you are running a magazine or PD library, you may put it on your disc or CD, provided that you first check http://web.bham.ac.uk/N.M.Queen/pgp/acorn.html for a later version. Dropping a line in my mailbox about this would be appreciated. You may also put it on a BBS. If you want to make it available on the Internet, I would prefer it if you only include a link to the above URL. All the above, and any other, distribution methods are allowed, provided that you only make a reasonable charge for media, post and package, and do not make any profit from its distribution. Otherwise, feel free to contact me. This software must not be distributed as part of any other application without my prior permission.