Passwords for Scientists科学家密码
March 30th, 2007 · by David Bradley 07年3月30日由戴维布拉德利
Remembering complicated, hopefully strong, passwords is a pain.记忆复杂的,希望有力,口令是一种痛苦。 Writing them down or saving them in some kind of file defeats the object, especially if you work in an open office or do not password protect said file.这些写作节省下来或他们在某些类型的文件失败的对象,尤其是如果你的工作在开放的办公室或不说,密码保护文件。 The best passwords are usually a mixture of letters, numbers, and symbols, something that science is very good at.最好的密码通常是混合字母,数字和符号,科学的东西是很好的。
If you’re a mathematician an engineer, or a chemist, for instance, you should be able to take the above thought to its logical conclusion.如果您是一位数学家,工程师,化学家或举例来说,你应该能够采取上述思想的合乎逻辑的结论。 For instance, you might use the formula for working out the Fibonacci sequence or a acceleration due to an applied force for instance.例如,您可以使用公式的工作了Fibonacci数列或加速由于采用武力的实例。
Chemists have millions of linear chemical formulas to work from.化学家已数以百万计的线性化学公式的工作。 Just pick a compound.只需选择一个大院。 Taxol, the anticancer drug, molecular formula C47H51NO14.紫杉醇的抗癌药物,分子式C47H51NO14 。 For extra safety, you could reverse it or choose to miss out the first and last letters, for instance, giving you 41N15H74.额外的安全,你可以扭转这种局面,或选择错过了第一个和最后一个字母,例如,给你41N15H74 。 That would make a relatively strong password, all you have to do is make sure you remember your chosen compound and the algorithm to modify it.这将使一个相对强大的密码,所有您需要做的就是一定要记住您所选择的化合物和算法的修改。
Check out退房 www.ChemSpider.com for more examples, you could choose from some ten million compounds.更多的例子,您可以选择从大约1000万部的化合物。 Of course, you don’t have to be a chemist to use this technique.当然,你不必是一位化学家利用这一技术。 Incidentally, before any crackers attempt a bruteforce attack on this site using that database of 10 million compounds, remember two things: (a) ChemSpider is not the only database there is CAS, PubChem, ChEBI and dozens of others (b) We don’t actually use this technique here.顺便说一句,在任何饼干试图攻击bruteforce此网站上使用该数据库的1000万化合物,请记住两件事: (一) ChemSpider不是唯一的数据库,有中国科学院, PubChem数据库,飞燕和数十人( b )我们不吨实际使用这项技术在这里。
If you’re worried about how strong your password is against a如果你担心你多么强大的密码是对一个 bruteforce attack check bruteforce攻击检查 out this post, and also have a look to see if you’re using any of the这一职位,也有看看如果你使用的任何 obvious passwords显而易见密码 and then avoid them!然后避免他们!
You may be interested to know that there is one instance when it’s actually better not to use a password on a Windows machine.您可能会有兴趣知道,有一个实例时,它实际上最好不要使用密码的Windows机器。 Not setting a login password actually makes it impossible to “login” from the internet to that machine.没有设置登录密码实际上不可能“登录”从互联网的机器。 But, this post on但是,对这个职位 hacking a Windows account黑客入侵Windows帐户 makes for worrying reading nevertheless.为使阅读然而,令人担忧。
28 responses so far ↓ 28日的答复迄今↓
Haha, being a chemical engineer myself, using these type of passwords wouldn’t be such a bad idea.哈哈,是一位化学工程师自己使用这些类型的密码将不会成为一个坏主意。
Perfect for chemists and chemical engineers alike, I hope, but astronomers could use galaxy and star catalogue numbers equally as well w/o fear of forgetting their password, particle physicists could use the initial letters for terms in their QCD equations, molecular biologists could use gene sequences or peptides etc etc…I think we’re on to something here…infinite uncrackable passwords….but only for STM personnel!完美的化学家和化学工程师,我希望,但天文学家可利用的星系和恒星目录同样数量以及W / O型害怕忘记了自己的密码,粒子物理学家可以利用首字母的字词在其量子色动力学方程,分子生物学家可以使用基因序列或肽等等...我想我们对这里的东西...无限uncrackable密码... 。但只能扫描隧道显微镜的人员!
Hello,喂,
This is a nice method to choose a password, but in order to be very strong, it needs to contain spaces and punctuation (this is called a pass phrase).这是一个好方法,选择一个密码,而是为了将非常强大,它需要包含空格和标点符号(这就是所谓的通行短语) 。 For example, instead of using “C47H51NO14″ as a password, use “C47H51NO14 fights cancer.”例如,使用“ C47H51NO14 ”作为一个密码,使用“癌症C47H51NO14打架。 ”
But here’s what I see happening: You make two or three of these strong(ish) passwords based on compounds that you readily remember and some variations based on a specific site’s requirements/restrictions.但这里是我看到的:你让两个或三个这些强有力的(英语)密码化合物的基础上,你随时记住,有些差异的基础上特定网站的要求/限制。
Problem 1: Now you need to login into a site, and you need to remember which pass and variation you used.问题1 :现在您需要登录到一个网站,你必须记住这些变化传递和您使用。 Start guessing…开始猜测...
Problem 2: You log into a website (ex. a forum) that doesn’t use HTTPS.问题2 :您登录到一个网站(例如论坛) ,不使用HTTPS 。 Your password, no matter how strong it is, can be captured while it travels over the internet unprotected, and all other accounts where you’ve used that same password can be compromised… no skin off a hacker’s back to have his automated bots plug it into various banks and shopping sites to see if it works.您的密码,无论多么强大它是可以被抓获的,同时它旅行在互联网上保护,和所有其他账户您使用相同的密码可损害皮肤...没有了黑客回到了他的自动漫游把它插入到各银行和购物网站,看看它是否工作。
Regardless of how strong they are, reusing passwords is dangerous - and not reusing them requires more memory than the average person has.无论多么强大,都重复使用的密码是危险的-而不是重用他们需要更多的内存比一般的人。 I suggest using a password manager, then setting your master password to something very strong like “C47H51NO14 fights cancer.” Then you store unique, strong, nonsense passwords in the password manager - no need to memorize them, just look them up.我建议使用密码管理器,然后设置主密码的东西非常强劲,如“ C47H51NO14打架癌症。 ”那么你商店独特的,强有力的,胡说密码的密码管理器-无需记住他们,只要看看他们。
Thanks for commenting in the PassPack blog.谢谢评论中PassPack博客。 I’ll point a link to this reply there too so that others can benefit form the conversation.我会点一个链接对这一答复也有让其他人可以受益形式的交谈。
Cheers,干杯,
Tara Kelly塔拉凯利
Founding Partner创始合伙人
PassPack Online Password Manager PassPack在线密码管理
http://www.passpack.com
That’s fair comment Tara.这是公正评论的塔拉。 I did realize there were potentially problems with my scientific approach to passwords, but there are so many trivial sites one might want to login to too that a simple single word password is still pretty useful, but point taken on pass phrases and password managers.我没有意识到有潜在的问题与我的科学方法,密码,但有许多琐碎的网站之一可能要登录到一个过于简单的一个字的密码仍然是非常有用的,但一点就通的词组和密码管理人员。
@David, @大卫,
Sorry, did I come off preaching?对不起,我来了说教? Wasn’t my intention, I just tend to be wordy.是不是我的意图,我只是往往是罗嗦。
Cheers,干杯,
Tara塔拉
[...] of the more ingenious ideas I’ve come across is David Bradley’s Passwords for Scientists where he proposes using the molecular formula for various [...] [...]更巧妙的想法我已经遇到的戴维布拉德利的密码,科学家,他提出利用分子式为各种[...]
I think this is a fantastic idea.我认为这是一个美妙的想法。 Don’t be surprised if you see a similar idea at PassPub.com.不要惊讶如果您看到了类似的PassPub.com主意。
I’ll watch out for your version Martin.我会留意你的版本马丁。 Don’t forget to give us a namecheck.不要忘了给我们一个namecheck 。 Chemspider.com now has 14,700,000 entries, so there are plenty of chemicals to choose from. Chemspider.com现在1470.000万条目,所以有很多化学品的选择。
d
Pam // 帕姆 / / Jun 15, 2007 at 2:59 pm 07年6月15日在下午2时59分
A lot of people write their passwords down or save them in a file on their computer, most people never change their passwords, and some people use the same password for everything including their banking.很多人写自己的密码,或保存在一个文件中的电脑上,大多数人永远都不会改变自己的密码,以及一些人使用相同的密码的一切,包括他们的银行。 A bunch of chemical passwords seems a great and simple way to get around the problem, but those people who do the above probably won’t know about looking chemical formulas气象化学密码似乎是一个伟大而简单的方法来解决这一问题,但这些人谁做上述大概不会知道寻找化学公式
David, ChemSPider already has a few million new structures ready to add to the database and will likely be moved over onto the production database sometime in the next couple of weeks.大卫, ChemSPider已经有几百万新的结构,准备添加到数据库,并可能会移动到生产数据库在未来几个星期。 We are hoping to hit 20 million unique compounds by end of this year…anyone out there that has any compounds, SDF files or access to structure databases that would like to see them made public please contact us at我们希望达到2000万独特的化合物在今年年底前完成...有任何人有任何化合物,日本自卫队的文件或进入结构数据库,想看看他们公开,请与我们联系 feedback@chemspider.com ! !
I’ve now created the Chemical Elements password at我现在创建了化学元素密码 https://www.passpub.com/element.php网址为: https : / / www.passpub.com / element.php It creates random elements as using a list of 14 million was too much of a challenge!它创造的随机因素,使用清单14万太多的挑战! But the basic principle is there.但基本原则是存在的。 Please get in touch with any comments.请接触任何评论。
Thanks谢谢
Martin马丁
Interesting thought Martin, nicely implemented, but your method misses the point by simply string together random element symbols and number that will just be as hard to remember as any other random string.有趣的思想马丁,很好实施,但您的方法忽略了一点,只需串随机元素符号和数字,只是因为很难记住任何其他随机字符串。
My concept is to use a real compound, Viagra or Rohypnol say, look up its chemical formula and us that as the password.我的概念是使用一个真正的化合物,伟哥或Rohypnol说,仰视其化学公式和我们的密码。 For extra protection one could reverse the formula or make some other standard modification that only you would know.为额外的保护可以扭转的公式或其他一些标准的修改,只有你会知道。 All one needs to remember is the compound name and that standard change.所有的人们需要记住的是该化合物的名称和标准的变化。
How would anyone remember “Co9Pm4La9″?怎么会有人记得“ Co9Pm4La9 ” ? It’s just random elements and random numbers, there is no “cobalt promethium lanthanum” alloy as far as I know.这只是随机因素和随机编号,不存在“钴钷镧”合金据我所知。
Martin at Passpub emailed me to say he’d have a harder time memorizing “cobalt promethium lanthanum” than “Co9Pm4La9″ which has pairs of letters interceded by a single digit.马丁在电子邮件Passpub我说,他希望有一个更难的时间背诵“钴钷镧”比€ € ³ œCo9Pm4La9â这对制止信件由一个单一位数。
Martin, yours is a nice implementation, but it’s just not as viable as my idea for making an easy to remember password.马丁,你是一个很好执行,但它只是没有可行的我的想法使一个容易记忆的密码。
Co9Pm4La9 doesn’t exist and what would it be called anyway, you essentially got a random string, but there’s no mnemonic. Co9Pm4La9不存在什么将它称为无论如何,你基本上得到一个随机字符串,但没有记忆。
In contrast, you can think of a compound name and simply look up its formula.与此相反,你能想到的一种化合物的名称,只是期待它的公式。 The formulae for Taxol, aspirin, Viagra etc etc are readily available and unchanging.该公式,紫杉醇,阿斯匹林等伟哥等都是现成不变。
My idea allows one to think of a compound and then get hold of what is essentially a pseudorandom string based on that name.我的想法可一想到化合物,然后抓住基本上是伪随机字符串基于这一名称。 Easy to remember the compound - aspirin, viagra, taxol, etc etc. In contrast, there is no chemical meaning to the random elements and numbers in your version.容易记住大院-阿司匹林,伟哥,紫杉醇等等与此相反,没有化学意义的随机内容和数量在您的版本。 Actually, it would be easier to remember “cobalt promethium lanthanum” (which is not a real material anyway) than Co9Pm4La9.其实,这将是容易记住“钴钷镧” (这是不是真实的材料反正)比Co9Pm4La9 。 In fact if I were trying to memorize your password, I’d remember the element names and the number 949, rather than trying to recall CO-9-PM-4-LA-9 and then recalling that they’re elements and making the second letter lower case.事实上,如果我试图记住您的密码,我会记住元素名称和号码949 ,而不是试图回收的CO - 9 -上午- 4 - LA公司- 9 ,然后回顾,他们的内容和使第二个字母小写。
I did say my technique was for scientists, didn’t I?我没有说我的技术是科学家,没有我?
Hi all - while Martin seems to be a nice guy - he’s not at PassPack… he’s at PassPUB.您好所有-马丁,而似乎是一个好人-他不是在P a ssPack.. .他在P a ssPUB。
Cheers,干杯,
Tara塔拉
PassPack Founding Partner PassPack创始合伙
Whoops, sorry about that Tara.哎呀,对不起这个塔拉。 Edited my comment now.编辑现在我的意见。
db分贝
I maintain that the chemical elements provide a useful pattern for remembering a password but accept that for a particular audience it would be feasible to provide actual compounds for people to use.我认为的化学元素提供了一个有用的模式,记住一个密码,但接受某一特定的观众将是可行的化合物提供实际的人使用。
Ps if you wanted a mnemonic password you would use聚苯乙烯如果你想记忆的密码您可以使用 https://www.passpub.com/mnemonic.php网址为: https : / / www.passpub.com / mnemonic.php ! !
Yeah, you’re probably right, but for a non-scientific audience there probably are better mnemonics than elements and compounds anyway是啊,你可能正确的,但对于一个非科学的观众有可能是更好的助记符比元素及化合物反正
db分贝
Ronda // 隆达 / / Aug 9, 2007 at 7:25 am 2007年八月九日在上午07点25分
I like the way you get scared in the last paragraph我喜欢你害怕最后一段
But it would be impossible!但它是不可能的!
This is an excellent idea.这是一个极好的想法。 Thank you for sharing!谢谢您共享!
Michael Griffey // 迈克尔葛瑞菲 / / Jan 22, 2008 at 10:34 pm 2008年1月22号在下午10时34分
Not long ago, a fellow programmer suggested the use of keyword combinations to make up a password.不久前,一位程序员建议使用关键字组合,以弥补一个密码。 Like (If(x=4)Then{DoSomethingCool;}).像(如果(十= 4 ) (然后DoSomethingCool ; ) ) 。 That would be hard to crack with a human brain.这将是很难裂纹与人类大脑。 Like your idea of complex formulas this is a poor idea.你的想法一样复杂的公式,这是一个穷人的想法。
I don’t know anyone who tries to crack passwords with a human brain.我不知道谁人试图破解密码与人类的大脑。 Modern crackers use things like keywords, dictionaries, and complex algorithms.现代饼干使用这样的关键字,字典,和复杂的算法。 If a hacker where to attack a bank, it would be wise to check banker terminology first to find the passwords of bank employees.如果一个黑客在攻击银行,将是明智的检查银行家术语第一个找到的密码银行职员。 You give a higher ranking to words, formulas, and thoughts known to the user.你给较高的排名的话,公式和已知的想法给用户。 If you are not a programmer, then “System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile”, or “While(x<=24)y(x)=x*8EndWhile” would constitute as highly secure passwords.如果您不是程序员,然后“ System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile ” ,或“尽管(十” = 24 )肽Y (十) = x * 8EndWhile “将构成的高度安全的密码。 We have to constantly evolve our way of thinking.我们必须不断的改进我们的思维方式。 If I could link your username on this site to you, the first thing I would try is the method you openly endorse.如果我能联系您的用户在这个网站给你的第一件事我想尝试的方法是你公开赞同。 You limit your calculation to 64 Alfa characters and 10 numeric characters, making your passwords easier to crack.你限制你的计算至64阿尔法字符和10个数字字符,使您的密码容易开裂。 If I where to ever attempt to crack a password, I would use dictionaries that relate to the field of study of the user first.如果我在哪里都试图破解密码,我会用字典中涉及的研究领域的用户第一次。 Password length far surpasses complexity.密码长度远远超过的复杂性。 Food for thought.引人深思的问题。
Michael, first off, I don’t actually use this method迈克尔,首先,我不实际使用此方法
More to the point though, I didn’t limit the users of my approach to a particular string length and there are some very, very, very long chemical formulae out there.更重要的是不过,我并没有限制用户的办法,我特别字串长度,有一些非常,非常,非常漫长的化学公式了。 Take an obscure protein, cut hypothetically into a medium-sized peptide, lop off the ends and you’d still have a password of many characters that would not be found in any dictionary.以一个不起眼的蛋白质,减少假设成一个中型肽,修剪结束了,你还是有密码的许多特征,不会是字典中查不到。 Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so apparent.了解在该领域工作的人可能被罚款,试图破解一个伐木工人,网站或车库机械师,但蛋白质化学家的字典是不会那么明显。
db分贝
Michael, first off, I don’t actually use this method迈克尔,首先,我不实际使用此方法
More to the point though, this approach does not limit the password to a particular string length, and there are some very, very, very long chemical formulae out there.更重要的是虽然,这种做法并不限制密码,以某一特定字串长度,而且有一些非常,非常,非常漫长的化学公式了。 Take an obscure protein, you’d only have to cleave it hypothetically into a medium-sized peptide and you could have a 31 character password that would be found in no dictionary.以一个不起眼的蛋白质,你只需要劈开它假设成一个中型肽和你能有一个31字符的密码将发现没有字典。
Knowing the field in which someone works might be fine for trying to hack a plumber’s website or that of a garage mechanic, but a protein chemist’s dictionary is not going to be quite so obvious.了解在该领域工作的人可能被罚款,试图破解一个伐木工人,网站或车库机械师,但蛋白质化学家的字典是不会那么明显。
db分贝
i for got my passward please help me对我来说有我passward请救救我
For what did you forget your password Ladnaan, hotmail?对于什么是您忘记密码Ladnaan , Hotmail的? There’sa password reminder system for hotmail, give it a try.还有密码提示系统的Hotmail ,给它一个尝试。 But, if you hadn’t registered a secondary address and cannot remember your password reminder you may be stuck.但是,如果您还没有注册的二级处理,不能忘记您的密码提示您可能会被卡住了。
db分贝
Kin // 建 / / Mar 11, 2008 at 7:45 pm 08年3月11日在下午7点45分
Here’sa point why fake elements might work too.下面一点,为什么虚假的内容也可能工作。 If you’re bad at numbers you can try something like如果您在数字不好您可以尝试像
dicobolt triphosphate dicobolt三
Co2(SO4)3钴( SO4 ) 3的
Now, not checking if that works or anything, but at least for me I can’t remember symbols and really only manage with uppercase letters and numbers.现在,如果不检查的工程或任何东西,但至少对我来说我不记得符号和真的只有管理与大写字母和数字。 On the otherhand, a phrase like dicobolt triphosphate is not so hard.论otherhand ,一个短语像dicobolt三是不那么困难。
Interesting point Kin, did you mean to write sulfate, however?有趣的点检,你的意思写硫酸,但?
db分贝
Kin // 建 / / Mar 12, 2008 at 12:39 am 2008年3月12日在上午12点39分
Whoops!哎呀! Sure did.当然没有。 Well, actually, I meant to write PO4.实际上,我的意思写磷酸。 But either way, I wrote wrong.但无论哪种方式,我写的是错误的。
On another note, you can work this method into stages of security.另外,您可以把这个方法阶段的安全。
Again, not best example, but:同样,没有最好的例子,但是:
dicobolt (Co2) for your unimportant sites that still require a password, and dicobolt triphosphate for more secure sites. dicobolt (二氧化碳)为您的不重要的网站,仍需要一个密码,并dicobolt三更安全的网站。
Like currently I have a basic password with a few number variations (Three ones, or one three before and after the phrase, eg) on my basic websites.像目前我有一个基本的密码少数一些变化(三个一,三个或一个之前和之后的短语,例如)我的基本网站。 The stages stop an automatic everything lost scenario of if your password is taken.该阶段的自动停止一切损失的情况下,如果您的密码采取的。
Your numbers idea is basically the same as my adduct to the passwords for scientists idea.您的号码的想法是基本相同的加合物的密码,科学家的想法。 As others have said the more complicated the obfuscating mental algorithm you apply to your password the less chance of it being guessed or brute-force attacked, but also the harder it is to remember.正如其他人所说的更为复杂的混淆你的精神算法适用于您的密码的可能性不大它被猜中或蛮力攻击,但也越难是要记住。
db分贝
More on ensuring you use strong passwords from those d00dz at Google:更多关于确保您使用强密码从这些d00dz在谷歌: Official Google Blog: Does your password pass the test?官方谷歌作者:请问您的密码通过测试?
Leave a Comment发表您的评论