Comment Re:One method I use (Score 1) 406
Let's see, you started with a common household phrase, which, depending on the length, doesn't contain too much randomness. You applied the eleet rule, which also is almost deterministic, and finalized with a deterministic permutation, the write-rows-read-columns. Knowing this whole procedure, it's just a matter of trying the most common phrases, applying this procedure before. Of course, if the attacker doesn't know the procedure, this is one source of randomness, but now that you've published it that randomness is gone.
As for my approach, I find it easier to let my brain learn the positions and sequence of the keys than to try to memorize the letter and hunt it down every time. I generate a random password using spwgen (available under Debian) and then type it several times, trying to concentrate on the movement of the fingers, instead of the specific keys. So for example for the password 7$t-87c+ I try to concentrate on the fact that I use my right hand twice (with the left hand pressing the shift for the second key), and then my left followed again by the right 3 times etc. Of course this will depend on your own typing skills, but since for me it doesn't change that often, it makes for an easier-to-remember password.
I find I can remember quite a few of these passwords (even those I have not used for a while) and it makes learning new ones quite painless. Of course, I'd advise you to write them down for the first few days, keeping them in a safe place (like pasted on your monitor ;-).
My favorite method of generating random passwords is, well, generating random passwords. I use a program called spwgen (available under Debian) to spit a few passwords, and then I type one at a time to find one that is too awkward to type. I then just type it several times to memorize the sequence of keys. I find I more readily remember the password if I let the brain remember the