5 Passwords you should never pick

I wanted to write a post about which passwords are best and how to find a strategy to pick up a good password.
Then I realized that it would be pointless, as at the same moment you tell a strategy to form a good password, it becomes an information manual for crackers and might be implemented in bruteforce methods.

What I will tell you is what are the 5 passwords you should NEVER pick.

1. password, 123456, qwerty and hunter2.

The first two are between the most used passwords of all time. There have been many passwords leaks and the Yahoo leak which was storing unencrypted passwords and usernames (foolish, I know) made possible interesting statistics: on 450,000 passwords leaked, an astonishing 0.38% was 123456 and 0.18% was password. Figure why those are the first passwords a cracker would check.

2. Vocabulary words.

Bruteforcers have already implemented methods to quickly spot those words. Even a random, only-letter 3 characters word would be safer than a vocabulary word.

3. Passwords without numbers.

Using numbers increases the possible characters used from 26 to 36, which becomes hugely significant if combined with a long password.

4. Passwords without capitals.

Using capitals doubles the possible combinations of characters, so from 26 possible permutation we would have 56, which combined with numbers would give 66. Symbols might be used as well to give extra security for smaller words, but many websites do not accept symbols in passwords.

5. L33t speak.

Crackers already know leet speak (even before normal users). They are already used to bruteforce passwords. If you don't know what it is, it is a technique to exchange letters with numbers which look like letters:

O -> 0
I -> 1
Z -> 2
E -> 3
A -> 4
S -> 5
G -> 6
T -> 7
B -> 8

This methods bypasses the vocabulary word check and potentially makes a good encryption, but it has become too popular.

This is the reason for which it is not good to tell encryption methods to form passwords. They will be used in the future generations of bruteforce software. It is much safer to create your own encryption.


Still, I can tell you a common good method which will not spoil much to crackers:

use mnemonics!

Transforming a sentence only known to you into letters and numbers will be as good as a totally random sequence of characters and numbers. For example: 

I hate to wake up at 8 o'clock every Monday

will become:

Ihtwua8o'ceM

which will give ~79 bits of entropy, which is safe enough. It might seem hard to memorize but it's very easy to retrieve if you forget it and as safe as it can get. It would be one of 5.4036 x 10^23 possibilities and would take 1.7135 x 10^13 Years to discover with 1000 checks per second.

Even if this is an excellent method enough (the only problem occurs if someone manages to guess your initial sentence, which completely destroys the safety of this method, but if you did not pick up something common as the first lines of a popular song or poem, it will be safe enough) there are many other ways to create passwords which are easy to remember and require one (or more) encryption methods as the one used above. I will let you have fun with finding your own method.

But why using encryption?

It is a good method to have easy-to-remember but difficult-to-guess passwords. Of course the encryption method must be only known to you and should be memorable enough.

Another good suggestion would be not to use the same passwords for many websites. This is because some websites might not care to store passwords safely (even Yahoo, as we have seen before) and a leak will give your ultra-safe and encrypted password away, which you also accidentally use for your internet banking. Surveys say that around 60% of people use the same password for every service.

There are, of course, also methods to encrypt a memorable password for different websites and then have a set of different passwords with only one encryption method to remember. I will leave you the fun to find a good one.

Now, quickly go to change your password!

How to balance two forks on a toothpick

I posted a video a while ago about balancing forks on the rim of a cup:

This trick can be easily made using just 2 forks, 1 stick and a glass.
Your eyes won't believe it, but physics laws have not been violated in the making of this video.

The physics behind it

The center of mass of the system (forks + stick) falls around the middle of the stick, which lies exactly on the pivot.

That is the most stable position giving then stable equilibrium. Even for small displacements the system is balanced by a restoring torque.

Moreover, the system remain balanced even if half of the stick is burned, because the missing weight of the burned stick is negligible with respect to the weight of the whole system, then the center of mass approximately stays in the same position as before.

How to make it

The making of follows three simple steps:

1.   Put a toothpick (or any stick that can stand the weight of two forks) between the teeth of a fork.

2.   Take another fork (of the same kind) and push its teeth between the ones of the first fork. This is the most difficult bit as most of the times, the two forks and the toothpick will not stick together (you could use glue at this point without making the trick pointless, but I managed to do it without glue).

3.   Put the structure on any edge, trying to find the point on which it will balance (no glue allowed at this point). You will find it by the pressure on your fingers while you try to do it. The point depends on the shape of the forks and in my case the centre of mass fell on the middle of the toothpick.

3b.   Impress your friends!

Microsoftian Rhapsody

Is this the hard drive?
Is this ram memory?
Caught in a bootload,
No escape from SCSI
Open your ROMS,
Look up to the BIOS and see,
I'm a read-only, I need no fixing,
Because I'm easy run, easy load,
Little Hz, little clock,
Any slow the boot loads doesn't really matter to
Me, WinMe


Inspired from this video.

Microsoft makes a comparison chart of its own web browser

This is one of the most hilarious things done by Microsoft so far:

here

(after this and this, of course)

It is a (ridiculous) comparison chart between browsers in which Microsoft compare its browser with Firefox and Chrome.
The result is that Internet Explorer is the best browser in 7 comparisons out of 10 and in the 3 comparisons left is almost at the same level as Firefox and Chrome.

I am not entitled to doubt IE performances, but would you trust a comparison made by a developer of one of the products compared? It's like writing a review to your own product (which is what advertisement is).

Thermal Death

This is the second part of the sketch, made the same evening (have a try to do that holy problem sheet wasn't an option).

Skydiving or Chemtrails?

When I saw this image, I couldn't hold out against thinking that those people were sent from the NWO and that it's a new method to create chemtrails. If you don't know what the "New World Order" or the "Chemtrails" are, just google them yourself and you'll find how much ridiculous that theories are. Anyway, skydiving has always fascinated me. Seeing the world from an uncommon perspective with your own eyes (not a satellite) and feeling the adrenaline for being in free fall should be amazing. I think it's worth to do it sometime in your life. At least it's a good way to prove directly Strokes' Law.

Entropy

This is a small sketch made during a boring evening trying to do the last Thermal Problem Sheet of the term. That's very xkcd-style and I know it's not very funny but the idea is mine (at least!). Enjoy (click on the image to enlarge).
P.S. Happy Easter!

Google Maps: Street view in London

Firstly only in the US, but now Street View is spreading out in a lot of countries and from the beginning of 2009 is also available for London. Basically, it's a very fascinating Google Maps gadget that permits to have a street view instead of the traditional satellite view, such as you are walking in the streets. This is not only funny, but in some situations could result very handy if you have to move in unknown places. Yet the problems faced with privacy (360° street photos are patiently taken using a car and it obviously takes also pictures of people walking... or robbing) Street View became popular in the US and in few months it issued from the States to approach Europe, but also Japan, Australia, New Zealand, Canada and Alaska. In particular, I've tried Street View in London and I've found it very useful. I've noticed the photos date back to last summer (some clues such as movies ads on the buses or works on buildings that now are finished can prove it) so they are very recent. I really admire the patience to take photos of almost all the city, that's a tough work (not for the multimillionaire Google, obviously). Now enjoy some funny things found with street view (almost like the odd things found with Google Earth in some YouTube videos) here!