home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Turnbull China Bikeride
/
Turnbull China Bikeride - Disc 1.iso
/
ARMCLUB
/
EUREKA
/
EUREKA29
/
Programs
/
RNDPass
/
!RNDpass
/
!Help
next >
Wrap
Text File
|
1998-08-15
|
7KB
|
138 lines
------------
+ !RNDpass +
------------
Author : Tony Hopstaken <webracer@xs4all.nl>
Support: Nat Queen <n.m.queen@birmingham.ac.uk>
Version: 0.90, 15 August 1998
Status : FreeWare
Updates: http://web.bham.ac.uk/N.M.Queen/pgp/acorn.html
______________________________________________________________________________
Why !RNDpass?
-------------
The word 'password' in this document may also be interpreted as 'pass phrase'
(see below). There are many encryption programs around, some with algorithms
that are virtually unbreakable. So an attacker would look for the weakest
link, which is the password. A password needs to be as strong as possible
but easy to remember. !RNDpass tries to give some *ideas* for your password.
______________________________________________________________________________
Setting up !RNDpass?
--------------------
The program is already set up for English. The word list is in the file
Wordlist. This may be replaced by any other ASCII word list. You may alter
the list too. If you speak more languages, you may want to merge different
lists. The program accepts anything in ASCII. Some additional word lists,
including lists in Dutch, German, French and other languages, can be found at
ftp://sable.ox.ac.uk/pub/wordlists.
______________________________________________________________________________
Password passphrase.
--------------------
Some programs allow you to enter only one word for a password.
Some allow whole sentences. Those are called (surprise) pass phrases.
If you need a password, this program may seem to be of no use to you.
A single word is to easy to guess. But you can simply generate a pass phrase
and then strip the spaces.
______________________________________________________________________________
How to use !RNDpass?
-------------------
Most of the options are pretty self-explanatory.
• Number of words.....
• Minimum word length
• Maximum word length
Make sure the file Wordlist contains words in the specified range.
• Maximum number of words to try
If no words in the specified range are found after this number of tries,
the search will be aborted.
• Use special chars
To make the resulting password stronger some special characters (!"£$....)
are slipped in.
• Use caps
To make the resulting password stronger some random capitals are slipped in.
• Use smilies
To make the resulting password stronger some smilies are slipped in.
• Percentage added.....
This option inserts a certain percentage of 'Use...' things.
The total number of insertions is roughly x% of the password length.
• Information ('i') icon
Clicking on this icon opens this !Help file.
• Light-bulb icon
Clicking on this icon opens a file !Tips containing some ideas about how
to make a pass phrase stronger.
______________________________________________________________________________
Running !RNDpass from within an archive.
----------------------------------------
!RNDpass is a fairly large program, mainly because of the long file
Wordlist. It may become even larger if you merge additional word lists.
If you are short of disc space, you can run !RNDpass from within an
archive, provided you have !SparkFS or a similar filing system. The
archive will occupy only a fraction of the space of the original
application, since the large text file Wordlist compresses very
efficiently. There may be a noticeable reduction in speed, but this
is a small price to pay, since it should not be necessary to use this
program frequently.
______________________________________________________________________________
Making things as secure as possible.
------------------------------------
First of all, make sure nobody is around when generating your password.
Even if someone else knows that you don't use caps, this is a weakness.
The ultimate password is a completely random set of characters like
'hLHLK7^*^*"LK¹²³œKlJKLh&'. This is most secure, but hard to remember.
So we need to find something strong that's relatively easy to remember.
Take a normal phrase like "Bill Gates owns Microsoft".
Lots of people associate Bill Gates with money, which suggests s=$ and L=£.
There are also a lot of nicknames for MickeySnot.
In some newsgroups, words like 'ruleZ' are popular.
This suggests a modified pass phrase like "Bi££ Gate$ ownZ MickeySoft".
That's less easy to guess, but perhaps still a little too obvious.
This example is only meant to show that a lot can be done to disguise a
simple pass phrase. If you know more than one language, a mix of them may
be very effective.
______________________________________________________________________________
Okay, I understand, but why is this necessary?
----------------------------------------------
One of the most popular, simple and effective attacks on a password (phrase)
is to use a dictionary to test all possible words or word combinations.
Some more sophisticated programs can even use grammatical rules to look for
meaningful sentences. There exist some very comprehensive dictionaries for
password cracking, some of which even contain common incorrect spellings.
This is why it's best to try to make your pass phrase look like nonsense.
______________________________________________________________________________
How long should my pass phrase be?
----------------------------------
That depends on a number of factors, such as how easy it is supposed to be
to remember, how secure it is supposed to be, and how 'random' it looks.
The occurrence of any special characters (non-alphabetic), nonsense words
or other meaningless collections of characters will greatly increase the
security of your pass phrase. But even if you use only real words from a
dictionary as large as the one included in !RNDpass, a pass phrase
consisting of 6 or more random words is likely to be unbreakable by any
serious attacker (even if the attacker knows which dictionary you used),
because of the huge number of possible combinations to try. However, you
should still try to avoid pass phrases which consist of only very short
words or which have a natural grammatical structure.
______________________________________________________________________________
Some additional tips.
---------------------
More detailed advice about pass phrases, and some simple tips for creating
good ones, can be found in the accompanying document '!Tips'.
______________________________________________________________________________
Legal notice.
-------------
!RNDpass is freeware. The copyright is retained by the author, Tony
Hopstaken. You may copy and distribute this software freely as long as none
of the files are altered or removed. If you are running a magazine or PD
library, you may put it on your disc or CD, provided that you first check
http://web.bham.ac.uk/N.M.Queen/pgp/acorn.html for a later version.
Dropping a line in my mailbox about this would be appreciated. You may also
put it on a BBS. If you want to make it available on the Internet, I would
prefer it if you only include a link to the above URL. All the above, and
any other, distribution methods are allowed, provided that you only make a
reasonable charge for media, post and package, and do not make any profit
from its distribution. Otherwise, feel free to contact me. This software
must not be distributed as part of any other application without my prior
permission.