Date: 2017-01-15

As far as people are concerned, there are essentially two types of passwords: the ones we can remember and the ones that are too complex for us to recall. We've learned the latter type is more secure, but it requires us to store impossible-to-memorize password lists, creating a whole new set of problems. There are some clever tricks to help our brains out a bit, but for most of us the limit of our memory is regrettable.

Not suffering from such memory limits, computers only see one kind of password - guessable. Regarding how long it takes a computer to crack a password, the major variables are: how much time the computer has to spend guessing, how many guesses per second it can try, and the complexity of the password. There are other factors, but strong passwords can exponentially increase the time it takes a computer to break through the gate, so naturally we want passwords to be just manageable.

When writing down or carrying around passwords is not desirable, yet you still want one that's more difficult than you can remember, there are options. By using a little imagination, you can open up endless ways to surreptitiously store complex, perfect-style passwords out in the open or glean them from the Internet at will.

This post is not intended to teach any one specific method (I only devised the one in the example below for training purposes to get people thinking outside their boxen). Instead, it aims to inspire different thinking regarding where to get reproducible data that can be leveraged for use in passwords. The way I see it, if we can't replace the feeble password altogether then we should at least teach it a few new tricks. The trick lies in remembering a routine instead of an actual password, enabling you to pseudo-remember impossibly difficult strings like a savant.

For the example below, we'll use an image from Wikimedia Commons. You can save the image locally for when you need it or just go back to the web and get it each time - the Wikimedia images seem to sit in place forever, so we'll use it knowing we can easily find the exact same file again. You can use your own file in place of my example; it just has to be fixed and unchanging.

The file we'll grab is called "IBM Personal Computer XT front.jpg" which sits at this page. Save the jpg using the Original file link, then drop to a terminal in the directory where you saved it and enter:

This command outputs the sha256 hash of the downloaded jpg in reverse, further obfuscating it. Your terminal should be displaying the following:

    gpj.tnorf_TX_retupmoC_lanosreP_MBI f00059a089c6bb2f58620dfbf3104b29279947ead17f0650f3216013c0d05970

This gives us a high entropy, reproducible, 64-character hexadecimal string that can be called up at will anywhere there's Internet and used as a password, while hardly remembering a thing. Useful? Maybe. Lazy? Definitely.

In my example, you only need to remember the image location and the single command that gets the password out of it. In order for methods like these to be secure, you need to come up with something original, so my illustration should be adapted. There are countless other hash functions to choose from. You could instead use the sha384sum command, which outputs a 96-digit hexadecimal string, for example. The possibilities are endless. Make it your own.

Finally, delete the jpg and enter one last command:

    history -c

This clears the previous command from the terminal memory so that when you close it, it won't be written to the .bash_history file.

dmt

A reader from LXer.com chimed in and wrapped this routine up in a handy script, so I'm posting it here. The image can easily be replaced and the script cleans up on its way out. Nice. Thanks to dotmatrix.

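    # Work in a throwaway directory so nothing is left behind.
    mkdir ~/.some
    # Stop if the directory is unavailable, so the download never lands elsewhere.
    cd ~/.some || exit 1
    # Fetch the image and print its sha256 hash, reversed.
    wget https://s26.postimg.org/kh6n63t5l/pic1.png
    sha256sum pic1.png | rev
    # Clean up on the way out.
    cd ~
    rm -r ~/.some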
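
As an added example (not part of the original post or of the reader's script), the routine can be wrapped in a function that prints only the reversed digest, so the file name never appears on screen, and that accepts the longer hash functions the post mentions. The name `derive_pw` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. derive_pw is a hypothetical helper.

# derive_pw FILE [ALGO]: print the reversed hex digest of FILE and nothing else.
# ALGO is sha256 (default), sha384 or sha512, matching the coreutils *sum tools.
derive_pw() {
    file=$1
    algo=${2:-sha256}
    case $algo in
        sha256|sha384|sha512) ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    # Feed the file on stdin so the tool prints "-" instead of the file name,
    # then keep only the digest field before reversing it.
    "${algo}sum" < "$file" | cut -d' ' -f1 | rev
}

# Constructed sample inputs: two files that differ by a single byte.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample image bytes\n' > "$dir/a.bin"
    printf 'constructed sample image bytez\n' > "$dir/b.bin"
    echo "a.bin sha256: $(derive_pw "$dir/a.bin")"
    echo "b.bin sha256: $(derive_pw "$dir/b.bin")"   # differs from a.bin
    echo "a.bin sha384: $(derive_pw "$dir/a.bin" sha384)"
    rm -r "$dir"
}
demo
```

The two sample files differ by one byte yet produce unrelated strings, which is why the source file has to be fixed and unchanging.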

