Easy Tip for Better Passwords


xpgeek
18-02-2006, 04:50 AM
Common Password Salting

You use the same password on more than one site. Admit it. Everyone does it. It’s a dirty little secret that nobody talks about. Maybe you make yourself feel safer by using a different password for your bank, or for online stores.

A salt is defined as a random number that is added to the encryption key or to a password to protect them from disclosure. But in this case, it’s not a random number (since that wouldn’t be easy to remember either), but rather, it’s a combination of letters that you somehow derive from the site name, and somehow insert into your usual password.

For example.

Let’s say you’re creating a Hotmail account and you need to come up with a password. Your usual password is ‘monkey7’. But rather than just typing that in, you alter ‘monkey7’ with some characters that are unique to the site you’re visiting.

Maybe it’s the first two letters of the site name. Maybe it’s the first letter and the last letter, or the first and third letters. Whatever it is, pick a scheme and stick to it.

Let’s say you’ve chosen the first and third letters, and you’re going to put it before the 7. Your Hotmail password is now ‘monkeyht7’. Your Amazon password is ‘monkeyaa7’. Your Yahoo password is ‘monkeyyh7’. You get the picture.

Don’t use this exact scheme. Come up with your own. If everyone is using the same salting method, then it’s easy to crack, but with hundreds or thousands of salting algorithms, your password is reasonably safe.

Note that reasonably is relative. This is not super-secure - it’s hardly secure at all - but it is definitely more secure than using the same password everywhere, and it’s easy to do.

Happy Salting.

Source (http://edge.i-hacked.com/common-password-salting)

xpgeek
18-02-2006, 04:52 AM
That is a really good idea.

.... denies using the same password in more than one place and goes off to change some.

xpgeek
18-02-2006, 05:47 AM
While I'm on the subject, 'cause some people really don't know;

Basic rules for a good password.

1. A good password should contain at least 5 letters, two numbers, and two symbols (like @#$%^&*). Some sites don't allow symbols in passwords though, but they all should, like crappy Myspace.com doesn't.

2. A letter or two should be capitalized because passwords are case sensitive. At least they are on almost all sites and should be. Myspace.com also fails this one.

3. The word or words shouldn't be something that can be found in a dictionary, or should be purposely misspelled.

Most password cracking programs do what's called a dictionary attack, trying words straight out of the dictionary in different orders and then combined with different random numbers over and over and over until they get it. Using a word not found in a dictionary or that is purposely misspelled will not make your password uncrackable, but will greatly increase the time needed to crack it.

No password is completely uncrackable, probably anyway. But the difference between a weak password and a strong password, is it taking 5 minutes to crack, or taking two years to crack.
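The salting scheme from the first post, checked against the basic rules listed in this one, as an added Python example (not part of the thread or the linked article). The function names and the small word list are constructed for illustration.

```python
import re

# Constructed stand-in for a real dictionary word list.
WORDS = ("monkey", "password", "dragon")

def site_salt(site, positions=(0, 2)):
    """Letters taken from the site name (default: first and third), lowercased."""
    letters = [c for c in site.lower() if c.isalpha()]
    if max(positions) >= len(letters):
        raise ValueError("site name too short for this scheme")
    return "".join(letters[p] for p in positions)

def salted_password(base, site, positions=(0, 2)):
    """Insert the site salt just before the trailing digits of the base password."""
    head, digits = re.fullmatch(r"(.*?)(\d*)", base).groups()
    return head + site_salt(site, positions) + digits

def varying_positions(passwords):
    """Count character positions that differ across equal-length passwords."""
    return sum(len(set(column)) > 1 for column in zip(*passwords))

def rule_failures(pw, dictionary=WORDS):
    """Return which of the thread's basic rules the password fails."""
    failures = []
    if sum(c.isalpha() for c in pw) < 5:
        failures.append("fewer than 5 letters")
    if sum(c.isdigit() for c in pw) < 2:
        failures.append("fewer than 2 numbers")
    if sum(not c.isalnum() for c in pw) < 2:
        failures.append("fewer than 2 symbols")
    if not any(c.isupper() for c in pw):
        failures.append("no capital letter")
    if any(word in pw.lower() for word in dictionary):
        failures.append("contains a dictionary word")
    return failures

if __name__ == "__main__":
    sites = ["Hotmail", "Amazon", "Yahoo"]
    derived = [salted_password("monkey7", s) for s in sites]
    for site, pw in zip(sites, derived):
        print(site, pw, rule_failures(pw))
    # Only the salt letters change from site to site; the rest is shared.
    print("site-specific characters:", varying_positions(derived))
```

The derived passwords differ from each other in only the two salt positions, and each still fails four of the basic rules, which is the "hardly secure at all" caveat in concrete form.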

Vairkjosa
18-02-2006, 06:47 AM
Well Xp, you're gonna hit a nerve on this one! I'm not going to say much about my Pswd habits, except that they have been above average for a short time. I didn't know that I was "salting" my passwords until a short time ago.

I do however give my passwords priority for certain items. I'm one of those people who are constantly forgetting some of them because, as I'm called a dummy from time to time (au contraire), I never write them down either.

Very good point to make, especially for the folks that do online banking.

:oops: