2008/10/6 Kwan Ting Chan ktc@ktchan.info:
> On Mon, 2008-10-06 at 15:18 +0100, Thomas Dalton wrote:
>> 2008/10/6 Marco Schuster marco@harddisk.is-a-geek.org:
>>> Which becomes a problem if sites don't allow passwords larger than 10 to 15 chars (as if they couldn't make an MD5/SHA1 out of it...) :(
>> How about a standard 5 character alphanumeric password concatenated with the first 5 characters of the domain name encoded with ROT13? That should be accepted by any site and is pretty secure (it would be good to include symbols in there, but some sites don't accept them, and you may want some better mangling than just ROT13).
> Easy enough for any modern PC to brute force if one knows you are using such a scheme. 36^5 isn't that many combinations...
Yes, knowing half the password in advance will make it easier to crack, that's very true. I was working under the assumption that you don't go around telling people your method of producing passwords...
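
The trade-off discussed in this thread, as an added Python example that is not part of the original messages or any poster's code: it implements the 5+5 ROT13 scheme, shows how many bits remain unknown once the scheme is known, and contrasts it with a keyed derivation. The function names, the sample base `k7q2x`, the sample domains, and the choice of PBKDF2-HMAC-SHA256 with 200,000 iterations as the "better mangling" are all assumptions made for illustration.

```python
import codecs
import hashlib
import math
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, as in the thread


def rot13_scheme(base: str, domain: str) -> str:
    """Scheme from the thread: 5-char base + ROT13 of the domain's first 5 chars."""
    return base + codecs.encode(domain[:5], "rot13")


def unknown_bits(total_len: int, known_chars: int) -> float:
    """Bits left to guess when known_chars can be derived from public data."""
    return (total_len - known_chars) * math.log2(len(ALPHABET))


def recover_base(leaked_password: str, domain: str):
    """With the scheme known, one leaked password exposes the reusable base."""
    suffix = codecs.encode(domain[:5], "rot13")
    if not leaked_password.endswith(suffix):
        return None  # password was not built with this scheme for this domain
    return leaked_password[: len(leaked_password) - len(suffix)]


def kdf_scheme(master: str, domain: str, length: int = 10) -> str:
    """Assumed alternative mangling: PBKDF2 keyed by a master secret and salted
    with the domain, mapped onto the same 36-symbol alphabet and length limit."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), domain.encode(), 200_000, 32)
    n = int.from_bytes(raw, "big")
    out = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample values; none of them come from the thread.
    leaked = rot13_scheme("k7q2x", "example.org")
    print(leaked, round(unknown_bits(10, 5), 2), "bits unknown,", 36 ** 5, "candidates")
    base = recover_base(leaked, "example.org")
    print("other site's password follows directly:", rot13_scheme(base, "wikipedia.org"))
    print("keyed derivation:", kdf_scheme("long master passphrase", "example.org"))
```

With the keyed derivation, a password leaked from one site does not reveal the password for another, but its strength still depends entirely on the master secret.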