back to article Use the holy word of God to stay secure online, says bishop

A bishop in Blighty has suggested that passages from the Bible can be used to create memorable but hard-to-crack passwords. The Right Reverend James Langstaff urged his congregation to stop using pets' names or stock phrases for login credentials in favour of passwords derived from passages in the New Testament. "The Bible …

COMMENTS

This topic is closed for new posts.

It's actually not a bad idea. In a similar but more secular vein I got my mum to start using decent passwords by suggesting the same thing with lines from Shakespeare. Take a line you'll remember, use the first letters from it; change one or two into 'matching' numbers and one or two into caps if digits or mixed case are required by whatever you're setting the password on...

7
1
Bronze badge

While the basic idea is not bad (or original), using the most popular book in the world for this purpose is not so smart. If you choose a popular verse from the KJV, as I'm sure many people will, you'd probably be better off with a dictionary word. If you use an obscure verse from a less famous version that should be good enough for most purposes.

3
1
Anonymous Coward

hmm

Personally, I use Gilbert and Sullivan lyrics.

0
0
Silver badge
Headmaster

Re: hmm

Shakespeare, along with act & line nos.

1
0
Silver badge

@RachelG

You mean like using "Tr0u4dor&3" as opposed to "Correct horse battery staple"?

7
0
Silver badge

Re: @RachelG

ah as in

http://xkcd.com/936/

0
0

In and of itself, not necessarily a bad idea. Selecting a book at random would improve it, perhaps, though maybe not from the Bishop's perspective :-).

But not exactly a new thought. Book codes, and their variants, have been around a while, no?

5
0
Silver badge
Devil

Book codes, and their variants, have been around a while, no?

For many years all the way up to WW2.

If memory serves me right, Soviet intelligence (or to be more exact whatever was left from it after Stalin ordered its extermination in 1937-1939) used book codes to communicate throughout the war.

From a crypto perspective a book code is a form of one time pad. If it is executed correctly (no reuse) it is a very strong encryption method.

1
0
Silver badge

The Bible has no mention of passwords, but it does use a word for security: 'shibbólet.' The authentication value doesn't come from secrecy, but pronounceability: It's very hard for anyone not a native speaker of Hebrew (at least as it was spoken then) to pronounce the word correctly. After the Israelites forcibly evicted another tribe from some contested land, it was used to tell returning refugees apart from innocent travelers. True Israelites could say it right, while any survivor of the enemy who learned Hebrew as a second language and tried to bluff his way to safety would mispronounce it and promptly be run through with a sword.

12
0
Bronze badge

re: sibboleth (*)

Heh... came here to make exactly the same comment.

(*) It seems google doesn't recognise my spelling... perhaps it would make a good password?

0
0

". After the Israelites forcibly evicted another tribe from some contested land,"

Some things never change......

15
0
Bronze badge
Windows

Re: re: sibboleth (*)

Me too. Got beaten also...RATS!

Incidentally, one of my older passwords was a Finnish word, in which, when written in capitals the letters all contained angles of 45 or 90 degrees...More memorable than the book of Deutor...Dewter...something-onomy.

1
0
Boffin

You beat me to it... but I was thinking of it as nationality-level biometrics.

0
0
Happy

I remember hearing before that they used to try to identify German spies during the World War by asking them to say 'Squirrel' as apparently it was impossible for those who grew up speaking German to pronounce.

Probably an urban legend but at least it's gotten everyone who reads this to say squirrel out loud, so the world's a more squirrelly, therefore better, place.

3
0
Silver badge

pronunciation

Have a non-native Dutch speaker pronounce "Scheveningen"

0
0
Anonymous Coward

Is Graham Cluley taking the piss?

How often does an attacker know the religion of the person who owns the email account they're trying to crack?

And given hackers don't currently use lists of common bible quotes in brute force attacks, warning that "they might" in future isn't exactly useful advice....

2
7
Bronze badge

Re: Is Graham Cluley taking the piss?

Well, if it's Anonymous trying to hack the Vatican...

1
1
Bronze badge

Re: Is Graham Cluley taking the piss?

Come on, use your imagination! For example if it's your Facebook account, there are probably clues in there. Ditto for your home computer. Other times the website itself could be a big clue (Christian singles or what have you). And then there are people who pick user names like ChristWarrior129.

I partly agree on the other point, but security gurus much prefer solutions that are still good even if everybody starts using them. Perhaps they give that too much weight, but it's a worthy ideal.

3
1
Anonymous Coward

Re: Is Graham Cluley taking the piss?

You're missing the point. Hackers don't generally target individuals, they blanket bomb to crack weak passwords.

If you seriously think there's someone out there going through your Facebook profile, to figure out what you're into, so they can make an informed guess that if you like, say, guitars, then your password might be an acronym made up of the initials of the big guitar manufacturers, Gibson, Fender, Gretsch, Rickenbacker, followed by the vintage year for Les Pauls, and then they'll try typing in GfGR1959 ..... you're giving the importance of your account far too much weight.

You could say "hackers will come up with tables for this if it becomes popular" for just about any password strategy. It's a meaningless statement. Do those tables exist? No. Is this actually not a bad suggestion by Bishop Thingy? Yes, compared to what people usually use as passwords.

Security consultants would do well to recognise half decent suggestions as well as invent imaginary attacks that have no basis in reality.

6
5
Bronze badge

Re: Is Graham Cluley taking the piss?

Blanket and targeted attacks are both realistic threats, blanket attacks are more common, but targeted attacks are potentially more devastating.

On the other issue, I really think you are the one missing the point. The point is that it's low entropy. There are around 30,000 verses in the bible. Even at face value, that's only about as good as say "licorice7" (common word + digit). And the vast majority of verses are not going to be used, because they're too long, too dry, or teach something horrible like murdering your kids.

So mystical aspects aside, the only thing this method has going for it is that it's not currently popular. If it remains unpopular, good for the few people who use it, but plenty of other password advice out there stays good even if lots of people use it.

3
0
Silver badge
Headmaster

@disgruntled yank

I doubt many of Anonymous would even recognize the original Vulgate. Not to mention the original Vulgate introduces yet another variable that would need to be identified since you'd need to know the size of the manuscript from which the passwords were taken.

0
0
Silver badge

Re: around 30,000 verses in the bible

Only if you leave it strictly where the Bishop did. First off, I count 30 different English translations, while some of them will generate similar character lineups, I am quite sure the KJV and the GNT won't. Next up, you can combine different verse sets for the character bits, or you can use the actual translated text, or you can use the translated text with Le3t! spellings. Or you can leet the first character sets, or... And at that point you are doing more work trying to build the cracking bible than you would just trying to brute force the password. I would add that modern intelligence techniques have generally failed when dealing with religious oriented codes. Most famously the Israeli codes were never broken by the Arabs during its first war after its formation. IIRC, they were sending short letter and number bursts which referenced specific verses, and the verse communicated the relevant information.

It is generally agreed that easily remembered pass phrases are far more secure than short passwords. In part because you don't know what someone is using as his cypher pad, and in part because you can't assume he is using a cypher pad so you have to account for brute force passwords as well.

0
0
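The entropy argument in the two posts above, worked through as an added example that is not part of either commenter's post. The verse and translation counts are the posters' figures; the 3,000-word "common word" list, the 2,048-word list behind the four-random-word scheme and the Zipf popularity model for verse choice are assumptions made for illustration.

```python
import math

VERSES = 30_000          # "around 30,000 verses" (figure from the thread)
TRANSLATIONS = 30        # "30 different English translations" (figure from the reply)
COMMON_WORDS = 3_000     # assumption: size of a "common word" list
WORDLIST = 2_048         # assumption: word list behind the four-random-word scheme


def uniform_bits(*choices):
    """Bits of entropy when each listed choice is made uniformly at random."""
    return sum(math.log2(n) for n in choices)


def zipf_probs(n, s=1.0):
    """Constructed popularity model: rank r is picked with weight 1 / r**s."""
    weights = [1.0 / r ** s for r in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def shannon_bits(probs):
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy_bits(probs):
    """Bits against a guesser who tries the most popular choice first."""
    return -math.log2(max(probs))


def share_covered(probs, guesses):
    """Fraction of users whose choice is among the `guesses` most popular."""
    return sum(sorted(probs, reverse=True)[:guesses])


def report():
    skewed = zipf_probs(VERSES)  # verses chosen by popularity, not at random
    return {
        "one_verse_uniform": uniform_bits(VERSES),
        "verse_and_translation": uniform_bits(VERSES, TRANSLATIONS),
        "word_plus_digit": uniform_bits(COMMON_WORDS, 10),
        "four_random_words": uniform_bits(*[WORDLIST] * 4),
        "verse_zipf_shannon": shannon_bits(skewed),
        "verse_zipf_min_entropy": min_entropy_bits(skewed),
        "top_100_share": share_covered(skewed, 100),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:26s} {value:8.3f}")
```

The uniform figures are the face-value case; the Zipf rows show how far the effective strength drops once verse choice follows popularity, which is what a blocklist of well-known verses at password-set time has to account for.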
FAIL

Whilst agreeable, where's the special characters!?

'****ing' flawed idea, to promote "bull****", if you ask me!

two examples of special character passwords ;-) probably more secure than the references to chapters which could be databased/brute forced!

0
1

To be fair, sites protected by christianity are actively knocked offline by Interpol.

2
2

Sanskrit

Well, if you want to crack my passwords...

1. You need to know Sanskrit

2. You need to know my past

3. You need to know my mind (and even I have a problem with that!)

Akanda Mandala Karam. There are multiple ways of spelling that phonetically, such as Akanda - it could be Achanda, Achandha, Akandha, Acandha... FWIW, this is the first phrase of the guru puja. Finally, this phrase has zip to do with any passwords I use... :-)

2
0
Silver badge
Joke

@William

Thanks for the hints, couldn't have done it without you.

Please ignore the 2500 transfer to the Swiss alps, thanks :-)

5
0
Bronze badge
Joke

so...

"Exp1al1doc1ous" is right out the window(s) then? *snort*

0
0
Silver badge
Devil

Re: so...

You could always go for:

"Let him who hath understanding reckon the number of the beast, for it is a human number. Its number is 666"

A bit long, but very memorable.

Would be a good BOFH password, once he has given up on "Grievous bodily harm"

Icon, because, well....

0
0

Revealing the secret of creating secure passwords

http://www.dynamicnet.net/2012/03/weak-passwords-open-doors/ is our take on using common words to create a secure password that is hard to crack.

As long as Reverend James Langstaff's followers keep in mind social engineering tricks (i.e. they don't broadcast favorite verses, chapters, persons, etc. in the Bible), they should be fine using his method.

When you consider most users will do as they please in favor of convenience for passwords, what would you rather? To have them lean more towards security by making it easier or stick with old methods that while they work, don't lend to user conversion?

0
0
Bronze badge
Pint

How about Leviticus?

On slavery done right: "Your male and female slaves are to come from the nations around you; from them you may buy slaves. You may also buy some of the temporary residents living among you and members of their clans born in your country, and they will become your property." Leviticus 25:44-45

On the death penalty as applicable to children for cussing: "For everyone who curses his father or his mother shall surely be put to death." Leviticus 20:9

So sayeth the Lord. Amen. WTF?

8
2
Silver badge
Go

Re: How about Leviticus?

Ezekiel 23:20 - can't quote it here, too NSFelReg! What a gal!

1
0
Silver badge
FAIL

Re: How about Leviticus?

"On the death penalty as applicable to children for cussing: "For everyone who curses his father or his mother shall surely be put to death." Leviticus 20:9"

WTF indeed.

Cussing - "Dad, fuck off."

Cursing - "Dad, I curse your dick with the plague and hope it goes gangrenous and drops off." and all parties expecting it to actually happen

See the difference between modern "cussing" and ancient, superstitious cursing?

It's an invitation to destroy "witches" not to execute children for bad mouthing their parents.

It has also been known for parents to have children who manage to grow up to adulthood so that quotation doesn't necessarily imply only young children.

disclaimer: I don't believe in sky pixies of any flavour but do have a fair mind.

2
3
Anonymous Coward

Jeffy bible bait fail

Old testament = Jewish holy book.

New testament = story of Jesus telling Jews they're doing it wrong.

If you want to bible bait christians, quote the christ.

0
0
Bronze badge
Pint

Re: Jeffy bible bait fail

Here:

http://www.infidels.org/library/modern/paul_carlson/nt_contradictions.html

Knock yourself out. :-)

0
0
Anonymous Coward

Re: Jeffy bible bait fail

http://www.biblicalnonsense.com/

Above is a gold mine of interesting tidbits. The phrase "salad bar Christian", picking and choosing their favorite bits and trying to ignore the rest, is apt.

Commentary: Christians should be taking the lead on sorting out the whack jobs (e.g. Westboro) within their own ranks. Seriously.

1
1
Anonymous Coward

@westboro

Liberals and Democrats should be taking the lead on sorting out whack jobs eg. Vladimir Zhirinovsky within their own ranks. Seriously.

0
0

Re: @westboro

Ah I see, liberals and Democrats can't be Christians too? Gotcha.

1
1
Anonymous Coward

@salad bar

"If you don't fit in my straw man evil fundamentalist nutjob suicide cult stereotype, you are a bad christian".

Here's another gold mine for you:

http://en.wikipedia.org/wiki/Lutheran#Doctrine

FWIW, to me there are core tenets in christianity (love your neighbour as you love yourself), which in turn helps to put meaning on everything else (prime directive :P). As for the bible, its purpose is to help reflect on yourself, not a legal document to bash others with (see christ vs. pharisees).

1
0
Bronze badge
Pint

YwetfoysatfoydL2630ish

"You will eat the flesh of your sons and the flesh of your daughters." Leviticus 26:27-30

It's like chess, the good Bishop has been pawned.

5
0
Anonymous Coward

Re: YwetfoysatfoydL2630ish

Yes, jeffy, we get the point that you've managed to find some unpleasant stuff in the bible. Leviticus can be rather problematic, basically though, you shouldn't quote it if you're not an ultra orthodox Jew. There is also the matter of the New Testament superseding the old. See if you can find anything nice to quote, it's a lot easier.

2
9
Silver badge

Re: YwetfoysatfoydL2630ish

It's a pity all those quoting Leviticus 18:22 don't seem to remember that

3
0
Anonymous Coward

Re: YwetfoysatfoydL2630ish

Context is a wonderful thing! :)

The quote describes what Israel would end up like if they *didn't* follow the Lord's commands.

Unlike the primitives of 4000 years ago we don't eat our children. We are far too civilised for that!

We have better tech too. We choose to chop them up before they are born and throw them away - it's quieter that way. Well over 200,000 children per year in the UK alone. Eat them? That's disgusting!

Go Modernity!

The NT doesn't supersede the OT, it is two parts of one story. The historical bits of the OT chart the decline of God's people for want of a decent leader. They get so bad they are compared unfavourably to the proverbial cities of Sodom and Gomorrah. The NT resolves the leadership issue and spells out explicitly how god executes justice for all the wrong in the world without destroying everyone.

Meanwhile, back on topic....

Any well known phrase as a password is going to be an issue. It may not be likely that the phrase is added but software encapsulates skill and the databases grow. The upshot is that an obscure phrase is likely to be better than "password1". Personally I have different password classes, websites I don't care about, websites I buy stuff from and banking are some of them. Use some common sense!

1
2
Alien

Ph’nglui mglw’nafh Cthulhu R’lyeh wgah’nagl fhtagn

You will need all 24 tentacles to type that one phonetically.

10
0
Silver badge

Cracking that passphrase will make the cracker insane!

3
0

This post has been deleted by its author

Silver badge
Coat

Re: Isnane or Welsh!

So do you use Llanfairpwyllgwyngyllgogerychwyrndrobwllllantysiliogogogoch as pass phrase?

Cwmtwrch is a shorter favourite

0
0
Devil

YHWH

Biblical Audio Captcha:

Please speak the word that you see in the box above into the microphone now

There. Security of biblical proportions

2
0
Angel

Re: YHWH

"Please remain where you are. An angry mob will be around shortly to stone you to death."

7
0
Silver badge

Re: YHWH

Look, I'd had a lovely supper, and all I said to my wife was: "That piece of halibut was good enough for Jehovah!"

13
0
Bronze badge
Windows

Does this work?

סיסמה

3
0
