Quote from: randomOVDB#2 on May 30, 2012, 06:11 pm
Quote from: kmfkewm on May 30, 2012, 10:11 am
If I know that your password contains ewiofiofj32iofiu42hf4u2ihr3ht1sk3r41it3r4ytthruthr4ugh43yhuy I don't care much if you add .gz after it
You add .gz (.yournick or aaa43 or fu@f, ...) to the text that is in the file, so your password isn't ewiofiofj32iofiu42hf4u2ihr3ht1sk3r41it3r4ytthruthr4ugh43yhuy but ewiofiofj32iofiu42hf4u2ihr3ht1sk3r41it3r4ytthruthr4ugh43yhuy.gz, and since .gz isn't there ... Addition of a few characters that are not in the file makes frequency useless. Testing every combination from an average sized system txt file would take quite a bit of time, wouldn't it? File with 1000 lines, part (you add something that is not in the file) of the password being your 42nd line. It seems pretty safe to me?

I think it would depend on how easy it would be for LEO to monitor which files you were accessing from your machine.

An associate of mine used to use a similar technique to yours where he had a website generate a million random passwords and put them in a spreadsheet. He would then choose one at random to be his password for the month and add a few random characters in. On the face of it that sounds fine, but reducing your password possibilities down from infinity to a million is actually quite bad for your security. Although it would take considerable time and trouble to perform hash algorithms on a password list that long and see how similar they are to the one for the stored password, it would reduce the time to 'bruteforce' the password considerably.

Of course, if there were one universal method of having an easy-to-remember but incredibly robust password, we would all do it.

I don't claim to be an expert in cryptography, but I can tell you that the best methods of encryption historically have been those whereby revealing the method behind the encryption process doesn't materially advantage any eavesdroppers; for instance, owning a copy of the AES encryption algorithm wouldn't be much use without the corresponding password. Conversely, the "one time pad" method of encryption, while theoretically secure, was a disaster to implement in practice for spies, as recovery of what was obviously the code book by an enemy meant all subsequent messages would be decoded! (There are other practical concerns but we'll gloss over these..)

The general emphasis seems to be on "something you have" and "something you know" in order to secure your data, e.g. a password and a keyfile. As such, if you're going to do something like this, I'd suggest you go a little further than adding .gz to each file. For instance, you could swap the first five digits around or otherwise skew a larger number of characters.

One method I used to use to protect against dictionary-based attacks would be to choose several normal words as a passphrase and cycle every second character two places forward. I actually got the idea from reading a book in the Star Wars series of all things (http://starwars.wikia.com/wiki/Cracken_Twist).

I'd like to hear more thoughts from the floor on this please, but my general feeling is that writing your passwords down is not a good idea unless you alter them substantially.

V.