On Mon, 2008-10-06 at 15:18 +0100, Thomas Dalton
wrote:
2008/10/6 Marco Schuster
<marco(a)harddisk.is-a-geek.org>rg>:
Which becomes a problem if sites don't allow
passwords larger than 10 to 15
chars (as if they couldn't make a MD5/SHA1 out of it...) :(
How about a standard 5 character alphanumeric password concatenated
with the first 5 characters of the domain name encoded with ROT13?
That should be accepted by any site and is pretty secure (it would be
good to include symbols in there, but some sites don't accept them,
and you may want some better mangling than just ROT13).
Easy enough for any modern PC to brute force if the one know you are
using such scheme. 36^5 isn't that many combination...
Yes, knowing half the password in advance will make it easier to
crack, that's very true. I was working under the assumption that you
don't go around telling people your method of producing passwords...