I have recently decided to encrypt my Gentoo Linux installation. I am going to use cryptsetup with LVM. LVM filesystem will be placed inside encrypted dm-crypt partition. I have problem with forgetting passwords. I don't want forget password to cryptsetup because I can lose all of my data. I'd prefer hold backups on encrypted external hard drive. How is your recommends to choosing a good password for full disk encryption? I'm not sure if backup unlocking key on USB will a good idea because in case of necessity of disclosure data and disk keys or passwords I would like to prevent beware leaking it.
2 Answers
Here's a new method I've started using recently:
Pick 4-5 random words:
piano, abstract, ruler, ivory, stream
Put them together with spaces in between:
piano abstract ruler ivory stream
Make some letters uppercase:
Piano abstract ruleR ivory stream
Substitute some letters for numbers:
Pia4o abstract r0leR ivory stream
Substitute some letters for symbols:
Pia4o abs#ract r0leR ivor! stre&m
New password:
Pia4o abs#ract r0leR ivor! stre&m
- 2,754
- 2
- 12
- 22
-
2If the five random words are from a large dictionary (say, 15K words) and truly random, transforming the words is unnecessary, because there's sufficient keyspace in the words alone. So all lower case is fine. – Royce Williams Nov 18 '17 at 16:52
-
I absolutely agree, I just think that if you *were* to use more common words (something like 500 words) then the numbers and symbols would increase the entropy of the password. – Joe Nov 18 '17 at 16:55
-
1This only increases the "real world" entropy by a small amount - because most such substitutions are A) well-known to password crackers and B) can be attempted in bulk very quickly on GPU using tools like hashcat). Such subtitutions also make them much harder to remember and type. For both UX and resistance to cracking, five simple words from a larger list is a better general answer. – Royce Williams Nov 18 '17 at 16:58
-
I think choosing randomly from the list of 2000 or so words in the "General Service List" or "New General Service List" would be a good compromise between "easy words to remember" and "big list of words". – Ben Nov 18 '17 at 20:07
-
I've found a good solution to remember long passwords composed of random characters. Generate random password and try associate character groups with regular expression that matches to password or something that you can imagine for example with favourite Linux distros or brand names. Example: }n"pCZ92:) (start character -> nip -> czech republic -> favourite number -> emoji) – Nov 18 '17 at 20:37
-
1Those substitutions make the passphrase mainly much harder to remember. – guntbert Nov 18 '17 at 22:03
Personally I like to pick two items on my desk and combine them into my password. It's easily visible to me, yet not something that can be guessed easily. Generally it's a longer password as well, so brute-forcing it is difficult. And when the time comes to change passwords, I've always got more stuff on my desk to choose from.
- 2,778
- 2
- 10
- 14
-
1Please don't do this, because A) the list of potential things on people's desk is relatively low, and B) only using two words is insufficient entropy. (1,000 possible things on the desk, squared = only 1 million possibilities, which can be exhausted relatively quickly by modern hardware). Pick from a larger random list of words, and use five or more words. – Royce Williams Nov 18 '17 at 16:54
-
1This objection, although valid, makes a couple suppositions. 1. It assumes that someone has access to my desk. 2. It assumes the non-use of case shift, adjectives, and/or special characters. 3. It assumes the items on my desk do not change. – baldPrussian Nov 18 '17 at 17:21
-
1I make no such assumptions. No knowledge of your specific desk or its arrangement is necessary. No matter what you are keeping on your desk, or how often you change it, the list of potential resulting words is by definition significantly smaller than the list of words available to a fluent speaker of a given language. Even if 10,000 things are possible on the desk and you can vary each of your two words a thousand ways (which is generous), that's only 10^10 possibilities. Five words from a 15K dictionary is 7x10^20 possibilities. If you do the math, you'll see what I'm getting at. – Royce Williams Nov 18 '17 at 17:42
-
Put another way: the value in using a large random list and a larger number of words is that *even if my exact method is known* - in other words, I tell someone which dictionary, and number of words I used - the sheer number of possibilities makes a brute force attack effectively impossible. – Royce Williams Nov 18 '17 at 17:52