Quote from: kmfkewm on May 29, 2012, 07:36 amQuote from: self on May 29, 2012, 05:10 amsome things require passwords with a special character some without, that is why past couple years my passwd list has gotten so big.now i just learned some can use whitespace ...for simplicity (cut and paste) and security, (i do not need to write it down), a couple ideas.have you downloaded your car insurance card? is the vin # on it ? copy and paste, maybe add couple *>!.or a lot of us are on linux. since i found out i can use whitespace with truecrypt--remembering what line in what file is easier for me than actual 20 character randomness. so open a random file for example in /usr/src/linux/ablkcipher.c . pick something like"if (likely(!(walk->flags & ABLKCIPHER_WALK_SLOW)))"lines starting with #, such as#include are not operable in the script so you can modify to make it stronger and help you remember which line you chose. example#include hidden in plain sight. easier for me to remember file and line and copy and pasteforensics people would likely discover that password after an analysis of your machine shows the frequency and pattern with which you opened it, then they could just diff it and assume this one is a password. They try to make a time line of all of your actions, and it is going to look strange if they discover that you always open some random file with in it prior to doing things that require a password to be input. I have had some differences with kmfkewm but he is a 100% right here. Thanks for your thoghts self but no, no a thousand times no - it would be very easy to see you'd accessed this file if your passwords stored in plain text on the machine. You also might find that the so-called random file exists on every machine with the same Operating System and it might not be as unique as you thought!Similarly your VIN, along with your Social Security number is right up there with the name of your dog and your kid's date of birth as passwords which are easy to guess by LEO.Having said this, I do agree it is difficult to remember long strings of mixed characters indefinitely!If you must store your password list anywhere besides your head then I would recommend protecting them with a book cipher - I've posted about this on a separate thread but in essence, it involves selecting a key text which can either be an actual book or something you've penned yourself and then choosing a sequence of characters as your password.For instance if you had a copy of "War and Peace" on your book shelf you could decide that your password to your private key will be every second character on page 394. Obviously if will help if you select a text with a mixture of numbers and symbols as well as upper and lower case letters.This system isn't perfect as it will be obvious to anyone who's able to observe you that you've a book in your hand while you're using the machine but provided you have a large enough amount of them and you don't write down the page number you're using, it's very little to go on - it also allows you to have extremely long passwords which is a good defence against brute force attacks.Having said this as discussed in another thread, a cunning password will not protect you against keyloggers or a successful brute force attack, although there are ways to mitigate the risk.Many thanks to everyone for their thoughts.V.