Posted on

Secure Passwords and Usernames for the Dark Web (or Anywhere)

by Ciphas

secure-password-590x350

DISCLAIMER: I have not used any of the “passwords” in this post as real passwords. So go ahead and try them all you want!

An acquaintance contacted me recently, and was asking about how to use darknet markets. One of the things I had advised this person to do was to make sure that they used a secure passphrase and/or username.

This is just good internet advice in general, but I would say that it goes double for the dark web.

One of my earliest posts on this blog was entitled Dark Web: Fake Words and Secret Codes. In it, I had suggested the diceware method for generating strong passwords – and I still do, actually!

poker-casino-dice-colour-black-size-9370-10141_medium

Just to review: the way this is accomplished is that you roll a die (or pair of dice), and each 5-number set represents a word, number, or group of letters taken from a long word list.

They might look like this:

52121 ron

43453 noel

11243 acidic

53223 sequel

36514 llll

You then combine those words or numbers together, and that’s your password. Some people add periods or dashes in between the words, too. So, the final result would be “ron.noel.acidic.sequel.llll.”

For full details on how the diceware method works, see Diceware Passphrase Home.

This method, however, can be time-consuming. And the longer your password (or “passphrase”) is, the greater the chances are that you’ll make a mistake when typing it.

Throw Away the Dice??

My friend Arne Babenhauserheide, who is a programmer, came up with an alternate method of generating secure passwords, which he shared on his blog, Zwillingssterns Weltenwald.

The post in question is entitled Create secure passwords, usable on US and German keyboards.

Arne goes into detail about what denotes a strong password –

“Use blocks of four letters, chosen at random from a set of safely recognizable characters which are in the same position on German and US keyboards. Delimit blocks by a delimiter chosen at random from another set of characters.”

There’s a Javascript version of the password generator on the post itself, as well as code for it in Javascript, Python, and Wisp. You can read the full post if you want to find out more, but I also thought I’d show you some of the passwords that the generator came up with.

password_generator

For a 12-character password: m3M4+v0Tg+ENHS

15 characters: QXL3+GWbh!vUqP.6d3

20 characters: VMCt!u6sF+Mxc5/fSwe/g7Vm

50 characters: MMWW.ruR3+vejH-7s6a.BiQi,89R5-51oq-FsFT,RK1M,HWmG*wvuj,D1om.9g

Well OK, 50 is probably overkill. One thing to point out – though you can use the password generator online, it’s much safer to download the web page and do it offline. I tried it – it works just fine!

There are a number of other sites that have a similar feature, but with any of these, I would recommend the same thing – download the page and generate the password offline.

Even if you don’t want to use these for your passwords, they can be fun to try out:

Strong Random Password Generator

password_generator

XKPasswd – Secure Memorable Passwords

xkpassword

 

GRC – Ultra High Security Password Generator

grc_passwords

Create Safe & Secure Passwords

norton_password

I confess that I don’t know which of these “generators” are the most or least secure, but if you come up with a passphrase that works for you, then more power to you.

That’s Utter Nonsense!!!!

Oh, I almost forgot – the username part! It’s up to you, but if you want a more pseudo-random username, I like to use nonsense word generators (which I also mentioned in the earlier blog post).

I used to use the one on http://www.soybomb.com/tricks/words/, but it seems to be having errors a lot lately.

There are quite a few more of these as well, some of which I’ll share:

Fake Word Generator For Great Made-Up Words!

fakewordgen

Unique Word Generator

uniquewordgen

 

Nonsense Word Generator

parsley_nonsense

Generate a list of random words

listofrandomwords

Obviously, you don’t have to do this, but it can be fun, and can also take the effort out of the whole, “What do I pick for a username?”

Here’s a random (or pseudo-random) result:

Username –

  • zo¥ᄀtomic

Password:

  • ET5h*XHd1*CUus.E6W

And there you go. Have fun, kids!

Oh, and you might want to use a VPN too.

 

 

 

Advertisements

About secretsofthedark

Have you heard of the dark web? Simply put, it's the "hidden internet" built on networks like Tor. "Secrets of the Dark" chronicles my dark web experiences, but is also aimed at demythologizing it and teaching about it. Want to reproduce one of the "horror stories"? Contact me at ciphas@protonmail.com.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s