Ivor O’Connor

February 25, 2014


Filed under: Uncategorized — ioconnor @ 10:00 pm

I have not lost a password in decades. And I don’t use a password manager like LastPass. At $12 the price is not the problem. The problem is I don’t like the idea of trusting a third party with passwords.

My passwords are created with a Unix utility called pwgen. With all the security issues in the last few years I’ve started making a separate password for each site: long ones of 15 to 25 characters, made with the command “pwgen -Bsy 15 1”. However, entering these on Android is difficult. Finding special characters, numbers, even mixed case, is difficult. So I started thinking about using only the letters that are visible from the main input window on the phone: basically the 26 lowercase letters a-z, versus a-z, A-Z, 0-9, and about 33 strange-looking characters for a total of about 95.

Putting it into a spreadsheet, I see that 95**5 is roughly equal to 26**7. That means brute-forcing a 5-character password where each character could be 1 of 95 takes about the same work as cracking a 7-character password of lowercase letters. So now I do something like “pwgen -0AB 21 1”.

Entering six more characters may seem like more work, but in reality it is less. Keep in mind you have to make modal switches requiring one or two additional keystrokes to get to the next character. So entering five characters from the pool of 95 or so takes about 10 keystrokes. That is as many as 45 keystrokes for a 15-character alphanumeric random password versus a constant 21 keystrokes for an equally hard-to-break password consisting of only lowercase letters. Averaging that out to 1 extra modal switch per character results in 30 keystrokes versus 21 for only a-z. So my passwords are all of one particular case now.

Another way to look at it is via typing speed. My hunt and peck speed for special characters is slow. Frightfully slow.
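The spreadsheet comparison and the keystroke count above, as an added Python example that is not part of the original post. It assumes the pool sizes as the post counts them (95 and 26) and ignores the few characters that pwgen's -B option excludes; the function names are hypothetical.

```python
import math
import secrets
import string

FULL_POOL = 95    # a-z, A-Z, 0-9 and about 33 symbols, as counted in the post
LOWER_POOL = 26   # a-z only (assumption: -B exclusions are ignored)

def entropy_bits(pool_size, length):
    """Bits of entropy of a uniformly random password."""
    return length * math.log2(pool_size)

def equivalent_length(src_pool, src_len, dst_pool):
    """Shortest length over dst_pool whose search space is at least
    src_pool**src_len. Uses integers, so there is no float rounding."""
    target = src_pool ** src_len
    length, space = 0, 1
    while space < target:
        space *= dst_pool
        length += 1
    return length

def keystrokes(length, switches_per_char):
    """Taps on a phone keyboard: one per character plus the modal
    switches (shift, symbol layer) needed to reach it."""
    return length * (1 + switches_per_char)

def lowercase_password(length, alphabet=string.ascii_lowercase):
    """Random lowercase password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    n = equivalent_length(FULL_POOL, 15, LOWER_POOL)
    print("15 chars of 95:", round(entropy_bits(FULL_POOL, 15), 1), "bits")
    print(n, "chars of 26:", round(entropy_bits(LOWER_POOL, n), 1), "bits")
    print("worst case taps, mixed:", keystrokes(15, 2))
    print("average taps, mixed:   ", keystrokes(15, 1))
    print("taps, lowercase only:  ", keystrokes(n, 0))
    print("sample:", lowercase_password(n))
```

The same functions work for other pools, for example `equivalent_length(62, 15, 26)` for a password of letters and digits only.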

