From | Message |
alberlie play-chess-online.com chess
6/13/2006 01:55:03 play online chess | Subject: password safety and chess...
Message: Hi,
did anyone ever think about how well chess notation serves as passwords? Plusses are:
- As it's no problem memorizing a chess main line for 6-10 moves (most here can do that), you can generate quite long passwords
- since "+" "0-0" "0-0-0" "2.)" all contain special characters, 1.Nf3 also has caps and lower letters, it's quite random and it's got numbers in it -- all requirements for good passwords.
minusses:
- If your adversary happens to know you're a chess freak he might be able to reprogramm his brute force attacking tool to try chess lines with higher priority. But you could get around this by simply starting you pw off with the first letters of some sentence (let's say: "I hope Paris Hilton finally get's arrested" would make "IhPHfga" and if you now append your Ruy main line, you're ok.
I ran a test at this site: https://passwortcheck.datenschutz.ch
for this pw: "1e4e52Nf3Nc63Bb5a64Ba4Nf650-0Be76Re10-07a4Bb78c3" That's a well known anti-marshall line in the Ruy Lopez.
The test says that my pw would need 3'199'181'570'129'864'390'646'397'960'825'739'929'488'950'949'692'361'864'750'159'866'764'428'019'507'592'369'520'534'109'716 tries on average to break, which would take approx. 202'890'764'214'222'754'353'525'999'545'011'411'053'332'759'366'588'144'644'226'272'625'851'599'410'679'374 years (with 500'000 tries/sec).
That's not too bad, is it? And I can recite that Ruy line even when drunk, asleep, etc. etc...
|
ccmcacollister play-chess-online.com chess
6/13/2006 04:16:22 play online chess | sounds risky ...
Message: Better add an auto-disconnect after two tries fail~! That should add a couple eons ... and throw in an ansi character just to be Safe !!
|
far1ey play-chess-online.com chess
6/13/2006 04:22:20 play online chess | Nah
Message: Who would ever guess a chess opening being used as a password? Thanks for that alberlie that's quite an idea...
|
alberlie play-chess-online.com chess
6/13/2006 05:23:09 play online chess | craig...
Message: is right - kinda.
It doesn't hurt to start any sequence off with "@" or any other non-keyboard character. But the point is rather that with passwords, safety comes with numbers (of characters). _IF_ those characters are random, that is. Therefore something like "h%9K." is about as safe as "Irandowntotheshopformilk" even though the latter is much longer. But since it is made up of words in correct english syntax, it yields only about as half as much security _per word_. Given that a password of 20+ completely random characters is considered safe by current technology standards, that would translate to a "sentence" of more 40 words as a password. That's quite a bit to type and to remember (Some Hamlet monologue comes to mind ;o) )
The point with a chess line is now, that it is very easy to remember for a chess player and (for such a one) (almost) always consisting of a full move. But "1.)d4Nf6" is already eight characters of (in itself) very random fashion - and nothing an attacker would likely have in his dictionary (which _would_ probably have the most common english vocabulary - thus the decreased security of the above sentence).
So even if you would have "1.)d4Nf6" as one "word" it would have a security that would approach that of the random string h%9K.". Now imagine using a basic chess puzzle (smothered mate) which is a 4-mover, and you'd end up with over 50 characters. If you now add your odd special character at the beginning and end with "IhPHfga", you'll have a _VERY_ save password, at least as safe as a 20 character random string but a lot easier to remember...
|
ccmcacollister play-chess-online.com chess
6/13/2006 07:45:16 play online chess | Alberlie ...
Message: I like the solution to Chess problem password idea. But I forgot to mention, you also need to add some 'landmines' on your computer; virus & worm files for them to download ... !?
Seems only fair, to me }B-)
[And I have 2450 adware pop-ups on a very sick P-1, you can have cheap ... ] :))
|
nottop play-chess-online.com chess
6/13/2006 11:10:39 play online chess | like this
Message: I like this. I usually use nonsense passwords - hard to find but harder to remember. So I have to write them down. And as soon as I write them down - there they are.
But the fact that we're talking about it - could some hacker browsw these boards and decide to add some chess opening passwords to his database?
Could there be any hackers here at Chess?
|
alice02 play-chess-online.com chess
6/15/2006 04:06:28 play online chess | prompt question
Message: I like to have unexpected answers to the prompt questions e.g - what is your favourite make of car -Phar Lap (for those who dont know - a famous horse)
|