Secure Passwords, Made Easy

by Paul Arnote (parnote)

How many times have you needed to come up with a secure password, but were stymied by the request? How many of you use the same password — or small group of passwords — over and over again? When you think about it, it really doesn't sound so "secure," now does it?

Recently, in the U.S. media, there has been lots of talk about how many people have insecure passwords. According to media accounts, some of the most "popular" passwords are "abc123," "123456," and even the word "password" itself. Those who want to gain access to your data know what the most popular passwords are, so it is up to you to make access to your data difficult by picking a secure password.

In the September issue of the PCLinuxOS Magazine, I showed you how to use openssl to help create secure passwords. But that isn't the only means available to you. I have come up with another way, one you can carry with you (in a way) on your USB flash drive, and no one would be any wiser were they to "intercept" your USB flash drive.

Many people carry USB flash drives with them. Personally, I carry multiple USB flash drives with me. Among the things I like to carry are MP3 files of my favorite music and artists. I can plug a drive into virtually any computer near me and listen to my favorite songs, without any difficulty. Now, I'm recommending using MP3 files as the basis for the secure password, but you can use virtually any file you want on your USB flash drive.

MP3 files? For secure passwords? No, I haven't lost my mind, as you will see.

One thing you can do with those MP3 files (or virtually any other file) is create MD5 checksums, and store those MD5 checksums in files on your USB flash drive.

First of all, it's easy to create MD5 checksums. Open a terminal session, and at the command line, type the following:

md5sum [path/to/file/filename] > filename.md5

What we have done is tell the program, md5sum, to create an MD5 checksum from the file at the specified location, and to store that checksum in a file with the specified filename and the md5 file extension, by redirecting the output of md5sum.

Now that we have our MD5 checksum, it's time to create our "secure password." This method, by the way, works best if you have many MP3 files, along with the *.md5 files for each, stored on your USB flash drive.

Pick your favorite MP3 file from all the ones you have stored on your USB flash drive. You can just use the MD5 checksum of your favorite MP3 file, or a portion of it, as your secure password, and you will have already picked a secure password. But, you can take the security to a higher level, by applying patterns to how you apply the MD5 checksum — patterns that only you know, and that you can change at your will.

For example, you can decide that you will only use 10 characters for your secure password, and you can decide what pattern of characters to "extract" from the MD5 checksum of your favorite MP3 file. Perhaps you may decide that you want to use the first two characters, skip the third, use the fourth and fifth characters, skip the sixth character, use the seventh and eighth characters, skip the ninth character, use the tenth and eleventh characters, skip the twelfth character, and use the thirteenth and fourteenth characters. Now, you have a 10-character password that is always at your disposal, available to you in the event that you forget it, and one that is safe and secure — even if your USB flash drive should fall into the hands of an "unsavory" individual. All you have to do is remember the pattern.
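The pattern just described, run end to end as a shell script. This is an added example, not part of the original article; the function names and the PATTERN variable are made up for illustration. It also reports an upper bound on the result's strength: an MD5 checksum contains only the characters 0-9 and a-f, so each character contributes at most 4 bits.

```shell
#!/bin/sh
# Added example: derive a password from a file's MD5 checksum using the
# article's "use two characters, skip one" pattern. All names are illustrative.

# Character positions to keep, in cut(1) list syntax:
# use 1-2, skip 3, use 4-5, skip 6, use 7-8, skip 9, use 10-11, skip 12, use 13-14.
PATTERN='1-2,4-5,7-8,10-11,13-14'

# Print only the 32-character hex digest of a file.
# md5sum prints "digest  filename", so keep the first field.
md5_hex() {
    md5sum "$1" | cut -d' ' -f1
}

# Apply a character list ($2) to a digest string ($1).
apply_pattern() {
    printf '%s\n' "$1" | cut -c"$2"
}

# Upper bound on entropy in bits for a string of hex characters ($1):
# 16 possible values per character is 4 bits per character.
max_bits() {
    echo $(( ${#1} * 4 ))
}

# Digest the file ($1) and apply the pattern.
derive_password() {
    apply_pattern "$(md5_hex "$1")" "$PATTERN"
}

# Usage: sh derive.sh /path/to/song.mp3
if [ "$#" -gt 0 ]; then
    pw=$(derive_password "$1")
    echo "password: $pw"
    echo "at most $(max_bits "$pw") bits (hex characters only)"
fi
```

Changing PATTERN to another cut list, such as `2-8` or `25-32`, covers the checksum portions of the other patterns in this article.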

By no means is the pattern example I give the only one. Be creative, and make up your own pattern. Here are some more pattern examples that I have thought of:

  • Use the second through the eighth characters of the MD5 checksum, followed by the first two characters of each word in the name of the MP3 file it represents, followed by the fourth and third characters from the end of the MD5 checksum.
  • Use the first word of the title of the MP3 file, followed by the last eight characters of the MD5 checksum for that file.
  • Use the abbreviation of the name of the group/singer, followed by the fourth through the eighth characters of the MD5 checksum, followed by the first letter from each word in the title of the MP3 file.

See how easy it is to create your new secure password? We all want our systems and our data to be safe, and the front-line way to do so is to create a secure password that would be difficult for any hacker to hack. We want it so that if he comes across our data, the password is so secure that he just moves on to a different victim — a victim who doesn't have a secure password. And if/when "cloud computing" comes along, having a secure password is going to be even more important.