another easy way to complex passwords

messed up lock by Darwin BellOk, consider this. You want to create a new account at some web service, but you don’t have your KeePass database handy to generate and store a newly generated complex password.

You know that you should use a complex password instead of something easy to guess. The problem is that something complex like “NeZ13ysOVK3yTVrHcG1N” is also bloody hard to remember. A long enough pass phrase with some variations in it for each separate web site is a good trick in this case. If the phrase is long enough, has some numbers and upper-case, or even better, some special characters in it, it’s going to be hard to crack and also easier to remember just out of your naked head. Problem is that once your pass phrase “system” is compromised, it’s like giving the master key to the bad guys. Oops.

A trick you can use to get a complex password anyway from an easy to remember pass phrase, it to use it as a base to generate an md5 hash code from it. For instance if you have the pass phrase “DoNotWant” you get the md5 hash “4cc9ba14280cf82f079a6ef5ae18df37“. Pretty complex innit? I know. There are no special chars in there, but it’s long enough to make it hard to brute force.

One thing you should keep in mind is that even though the md5 algorithm only works one way, you really, really, really should not be using single words or simple phrases as your password. There are md5 hash databases out there nowadays containing hashes collected from all over the internet to do a reverse lookup. Names, common phrases or single words will be easy to crack like that, so make sure you use something original.

Google for md5 generators to get started. The Fire Encrypter Firefox plugin is also a good tool to use for this kind of trickery.

Leave a Reply