Minh’s Notes

Human-readable chicken scratch

Minh Nguyễn
January 27th, 2007



No, the title of this post is not a bug. It’s a reasonably secure password (not one that I use, thankfully).

You may remember when security expert Bruce Schneier wrote last month about the passwords people tend to choose for their MySpace accounts. You may’ve even chuckled at the one in a thousand who chose “blink182” as a somewhat conspicuous key to their online existence. But don’t be so quick to consider yourself completely secure.

Schneier recently wrote another piece, examining the techniques that password crackers now use to reveal “offline” passwords – the kind that unlocks your OS, as opposed to the kind required to log into a website.

Essentially, as long as the password is stored on the computer in some form, it’s possible to compromise it. (No server would accept 350,000 guesses per second for the same password, which is why online passwords aren’t quite as vulnerable.) Through brute-force means, it’s possible to scan the entire hard disk and try everything that fits in the password field. If you have a thousand dollars to spare, that is: you need some serious software to do that.

The article does get a bit technical at times, but it makes for a great read, even for computer illiterates. At the least, it gives you a little respect for human ingenuity.


  1. Even with modern computer programs like the ones described, on average isn't it still easier to start by "hacking" the person, using biographical information (i.e. name, birthday, kids' names and birthdays etc.) than it is to randomly start guessing a password? Also, have you ever read Cryptonomicon?

  2. Yep, and nope.