Let's face it: passwords are at the heart of security of UNIX systems.
Even though there are plenty of clever substitutes (OpenSSH? key pairs come to mind), there is always a moment when you need to set a
root password on a machine... And now, what do you do? Just punch
123456 as your root password?
Here is a little routine that I have created over several years, that allows me to create strong passwords for
root and other key accounts on my UNIX machines - I hope you will find it useful!
Choose several small words that form a small sentence.
To pick an example, I'll use "
I Love Unix" as my passphrase.
Simple enough: put all consonants (B, C, D, F, etc...) on the left and all the vowels (A, E, I, O, etc...) on the right:
I Love Unix" then becomes: "
Now that vowels and consonants have been separated, insert two or three characters between the two groups. Here, I'll insert
%% between the two words, and "
lvnx ioeui" becomes: "
The tongue-in-cheek "3l33t" (meaning "elite") transformation means replacing some letters by numbers and other characters. I don't use the canonical "3l33t", since it is way too complicated. I have my own version, which is much more simple:
Here is a short table to explain this transformation:
The original "I Love Unix" then goes from: "
lvnx%%ioeui" to: "
This is already complicated, but we are going one step further.
All consonants letters with diagonals in upper case (K, M, N, R, V, W, X, Y, and Z) should now be upper-case:
The original "
I Love Unix" then goes from: "
1vnx%%103u1" to: "
We are almost done! Please note that this password already contains:
This is already a fairly complex password, 11 characters long, and one that is not easy to guess. But there is more!
The easiest way to do this is to pick two characters, other than letters and numbers, and follow it by three upper-case letters. In that case, let's pick
Here is what the final password might look like:
You can also add the personal touch at the end:
You are done, and, in six easy steps, you went from "
I Love Unix" to
Quite complex, right? On the other hand, it can be recreated
For this password recipe to be secure, remember to apply the following rules:
To make your password even more complex, replace all repeated letters and numbers by the number of times they come back:
EEE-- would be replaced by
E4-- in this case, since there are 4 "E" in "
EEE--I Love Unix"
Just as an aside, no, I have never used "
I Love Unix" as a root password... And you should not, too, since this page is archived by Google and other search engines! :-)
Hope this helps!
(Please note that almost all password checkers listed above give very high marks to
EEE--1VNX%%103u1... Except for "Password Meter"... :-)