Need A Locksmith?
Locking your keys in the car is never fun. The last time that happened, I spent the better part of my day waiting for a locksmith. Happily, I can say that's one of those mistakes that I only made once; I haven't lost sight of my keys since.
The funny thing is that, for all of my deliberate effort, I simply cannot keep track of my digital keys (passwords) when I sit down at a computer. There are just so many of them, and we're trained to not use the same one on every site. Physical keys are just easier to keep track of. Even when you lose them, they're still somewhere. It's all a matter of retracing your steps. Besides, at least there are specialists (like locksmiths) to help lower that security barrier, if you really need them.
That's also true when it comes to passwords, at least to a certain extent. Whether it's your email or bank account, online password recovery is generally a painless process. There's usually some sort of a "Forgot Your Password?" link that allows you to reclaim access. However, the prospects for digital files are usually more forlorn. I recently discovered this while I was trying to access an old encrypted WinZip archive.
Before we dive too deep into password recovery, we should point out that there are many ways to protect your data. If you're looking for a more comprehensive solution, we would suggest something like TrueCrypt (check out Protect Your Data! TrueCrypt 7.0a's Performance, Analyzed), which is even more attractive now that it supports AES-NI instructions. Yet, archive encryption remains the most ubiquitous way to secure data. Whether you're someone in HR emailing the weekly payroll or Blake Lively trying to keep those personal iPhone photos a little more personal, encrypting an archive is fast and easy.
There is, however, a bit of a misunderstanding on just how secure your data can really be. If you're paranoid about security, you're naturally going to favor the strongest encryption scheme possible. The presumption is that a stronger encryption scheme is more difficult to break, suggesting that AES-256 is better than AES-128. That's not the whole truth. Think of encryption like a big vault. The thicker the armor, the harder it is to penetrate the safe. However, the security of a vault is only as good as the lock that secures it. That is what a password does. It's the vault's key. The longer your password, the more complicated the lock and the more secure your data is.
Most people assume that an eight-character-long password is good enough to keep hackers at bay. That's not exactly true either, and we're about to show you why.
9 or 10 characters?
Sudoku puzzles have numbers from 1 through 9!
Fixed! Sorry. I usually play Sudoku variants. :)
I could understand that, but I left out that since I was trying to show a simple example of how permutations differ from combinations. As you pointed out, repetitions are allowed in passwords. I actually mention that in the sentence that follows in the next paragraph.
It wouldn't be easy from a design standpoint, cause now you're talking about fiddling with the design of the program.
The easiest way to slow down the verification portion of the password authentication process is increasing the number of transformation invocations for key generation. The problem is that this slows down the performance of your machine, even if you have the correct password.
jj463rdHow about adding some extended ASCII codes to a password.
That assumes WinZip and WinRAR supports them. To be honest, I haven't looked into that. Though, I'm inclined to believe that neither program supports them.