invalid@example.com wrote in news:G7mdnbnMG_oSSSXaRVn_vwA@giganews.com:
[snip]
> I plan to store the randomish data in a text file encrypted
> with AxCrypt. Whenever I need a password, I will cut some
> characters out of the data, always using as many characters
> as the site or program will allow, and always using the
> maximum length password that the site or program will allow.
>
> I will then store the list of which passwords go with which
> sites or programs in another file, again encrypted with
> AxCrypt, and back it up to 5 different places once a week
> or so.
>
> Am I right in thinking that this is the most secure way of
> dealing with multiple passwords?
>
> BTW, is there a formula that lets me plug in the length and
> the number of possible characters and tells me how big a brute
> force search would be?

I have a few comments.
1) Using a "password safe" seems a much easier way to achieve what you
want. There's either "Password Safe" or "KeePass". You can use a very
secure passphrase to secure that master database of passwords.
2) If you're not happy with the random password generation feature of
those softs there are other open source varieties around.
3) Always choosing the largest possible password is -I **think**- a
flaw. That reduces the space of passwords an attacker will have to
search to find your password.
4) Number of passwords available is given by:
Total number of characters possible ^ length of passwords.
E.g.: a password of 8 characters picked from either uppercase alpha (26
chars) or lowercase alpha (another 26 chars) = 52^8.
That's a big number, but you can see how it's much bigger if you include
52^7 and 52^6 as well.
I often get this stuff wrong, so please check my answers before
implementing them.
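
The formula asked about in the question and given in point 4, as an added example that is not part of the original posts: it counts the candidates for one exact length and for every length up to it, so the two can be compared. The function names and the guess rate of 1e10 per second are assumptions chosen for illustration.

```python
import math

def keyspace(alphabet_size: int, min_len: int, max_len: int) -> int:
    """Exact number of candidate passwords with length min_len..max_len."""
    if alphabet_size < 1 or not 1 <= min_len <= max_len:
        raise ValueError("need alphabet_size >= 1 and 1 <= min_len <= max_len")
    return sum(alphabet_size ** k for k in range(min_len, max_len + 1))

def entropy_bits(candidates: int) -> float:
    """Bits of entropy if every candidate is equally likely."""
    return math.log2(candidates)

def length_overhead(alphabet_size: int, length: int) -> float:
    """Ratio of 'every length from 1 to length' to 'exactly length'."""
    return keyspace(alphabet_size, 1, length) / keyspace(alphabet_size, length, length)

def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate; the average case is half."""
    return candidates / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e10  # assumed guesses per second, illustration only
    # (alphabet size, length): letters only, then all 94 printable ASCII symbols
    for n, length in [(52, 8), (94, 8), (94, 16)]:
        exact = keyspace(n, length, length)
        upto = keyspace(n, 1, length)
        print(f"alphabet={n} length={length}")
        print(f"  exactly {length} chars : {exact:.3e} ({entropy_bits(exact):.1f} bits)")
        print(f"  1..{length} chars      : {upto:.3e} ({entropy_bits(upto):.1f} bits)")
        print(f"  ratio upto/exact  : {length_overhead(n, length):.4f}")
        print(f"  years at {RATE:.0e}/s : {years_to_exhaust(upto, RATE):.3e}")
```

The closed form of the cumulative count is (N^(L+1) - N) / (N - 1), so the ratio to N^L stays just below N / (N - 1) whatever the length.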