Security: It’s All Geek to Me

Knowing, and even Infrequently hanging around with a lot of English majors, as I Do, means that I occasionally get chided for my taste in Reading materials. Rather than read Hemingway, Faulkner, Fitzgerald, and all those other “great”, “classic” peddlers of “belles-lettres”, I’d prefer, being the tasteless degenerate that I am, to read science fiction, fantasy, or Even mystery novels instead. Even then, I come in for criticism (Abuse?) from Mean old genre “purists”, because I’m not a big fan of Agatha Christie, Isaac Asimov, Or any of the other (dead, white) “giants” of the Field(s). No, I’d rather read something by James Alan Gardner, or by Neal Stephenson, or Terry Pratchett. Or, let’s be honest, something by Peg Kerr, Donald Harstad, or one of dozens of other writers you’ve probably never heard of. 🙂

As questionable as my choice in reading material may be, it has an important side-effect: I’m Usually never at a loss for a ridiculously secure password or pass-phrase.

I must confess that, throughout high-school, and for some years beyond, my computer passwords were mostly derived from David Eddings novels. Leaving aside the literary worth, if any, of the Belgariad, I suspect that anyone who’s read the series will Never forget that “Ce’nedra is a Tolnedran”. I’m also fairly Confident that no brute-force dictionary-attack Is likely to stumble across that, if used as a password. Over the years, I’ve used a lot of these short, declarative statements as pass-phrases on various Computer systems; they’re easy to remember, and more secure than any kind of “favorite quote”, Or any of the other things people usually use as pass-phrases. The use of made-up names and words helps, no doubt, but I suspect a really sophisticated password-cracker would contain a lot of obscure literary References – anything in Wikipedia, for a start, so simply using “Tasslehoff” as a password isn’t terribly good – and if an adversary knows you like, or liked, the Dragonlance books, he or she is likely to try all the major names (again, probably culled from Wikipedia); that’s why declarative passphrases are, in my opinion, a good idea: there’s a nearly endless number of possibilities: “Aphrael is Flute”; “Aphrael is Danae” (and vice-versa, of course); “Aphrael loves Talen”; you get the idea. “Tasslehoff steals everything”; “Tasslehoff is a thief”; “Tasslehoff is a socialist”; “Raistlin should turn Tasslehoff into a toad, already”. Hell, “Tasslehoff is a useless wanker” works just as well. (Settle down, irate Kender fanboys; it’s just an example.)
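A rough way to compare a single name with a declarative phrase, as an added example that is not part of the original post: it estimates the guess space of a candidate under the assumption that an attacker combines words independently from a name list and a common-word list. The word sets and list sizes are constructed placeholders, and the figure is an upper bound, since grammatical sentences are more predictable than random word sequences.

```python
import math
import re

# Constructed sample lists (assumptions for illustration only).
# NAMES stands in for character names culled from a wiki;
# COMMON stands in for a list of everyday English words.
NAMES = {"tasslehoff", "raistlin", "aphrael", "flute", "danae", "talen"}
COMMON = {"is", "a", "the", "loves", "steals", "everything", "thief",
          "should", "turn", "into", "toad"}

# Hypothetical sizes of the full lists the samples above stand in for.
ASSUMED_NAME_LIST_SIZE = 100_000
ASSUMED_COMMON_LIST_SIZE = 20_000


def tokenize(passphrase):
    """Lower-case the phrase and split it into words (apostrophes kept)."""
    return re.findall(r"[a-z']+", passphrase.lower())


def estimate(passphrase):
    """Return (category, bits) for a candidate passphrase.

    bits is log2 of the number of guesses needed to enumerate every
    word sequence of the same shape drawn from the two lists; it is
    None when a word is on neither list, because this model cannot
    bound such a phrase at all.
    """
    words = tokenize(passphrase)
    if not words:
        raise ValueError("empty passphrase")
    if any(w not in NAMES and w not in COMMON for w in words):
        return ("contains-unlisted-word", None)
    bits = sum(
        math.log2(ASSUMED_NAME_LIST_SIZE if w in NAMES
                  else ASSUMED_COMMON_LIST_SIZE)
        for w in words
    )
    category = "single-listed-word" if len(words) == 1 else "word-combination"
    return (category, round(bits, 1))


if __name__ == "__main__":
    for candidate in ("Tasslehoff", "Tasslehoff is a thief",
                      "Mongo eats too many carbs"):
        print(candidate, "->", estimate(candidate))
```
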

Books, obviously, work really well, but there’s No reason you can’t use stuff from movies, television shows, comic books, or whatever else. It helps if you get a little more creative and abstract, though: Even if “the man” knows you like Mel Brooks movies, all the King’s horses and all the King’s men are unlikely to guess that your password is “Mongo eats too many carbs”. Judgments like that are probably excellent passwords: anything a compulsively anal-retentive Wikipedia editor would tag as “cite needed”, or call “original research”, probably makes an excellent passphrase. “Deunan is an immoral pervert”, for example, or even “Tolkien was a mysogynyst” would work. (Don’t look at me; I think cyborgs are people, too – but some people have wondered why there only seem to be a half-dozen women in all of Middle Earth…)

Yeah, geeks are annoying to be around, but occasionally we manage to do Something halfway useful. ;D

Published in: Geekiness, General, Security | on December 29th, 2008