
Your approach is great, I think I'll use it too.

My current method for secure passwords on sites that have a max around 8 or 12 or so is to think of some song lyrics I know, pick n words, camel-case them, l33+-translate a couple letters, and add shift+numeral special characters to either side.



Thanks. You can cut and paste the passwords. Write an app like I did or if you trust others, download one. I like it because it's portable (no secret encryption crap) and easy to recall. Also, if one site is compromised, like gawker, and they happen to crack the password, they won't be able to use it anywhere else and won't know what your secret sentence(s) are.

Edit: One other neat thing about this approach is that you can honestly say that you don't know what the password is (if you are ever asked). You know how to create it, but you have no idea what it is. That may matter in some situations.


Your last point about claiming to not know the password is interesting... If I had a mustache I'd be stroking it by now. ;)

I ended up writing a simple shell script using sha256sum and dicing it several ways; a GUI app seemed a bit clunky for me.

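    #!/bin/bash
    # Read the secret phrase without echoing it; -r and IFS= keep backslashes and spaces intact.
    IFS= read -rs p
    # Hash the exact bytes entered and keep only the hex digest from sha256sum's output.
    hash=$(printf '%s' "$p" | sha256sum | cut -d' ' -f1)
    # Print the digest truncated to common maximum password lengths.
    echo "64: $hash"
    echo "40: ${hash:0:40}"
    echo "20: ${hash:0:20}"
    echo "16: ${hash:0:16}"
    echo "12: ${hash:0:12}"
    echo "10: ${hash:0:10}"
    echo "08: ${hash:0:8}"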



