All words appear in some wordlist.

This is the kind of password I use to protect my actual secrets. So if someone is able to crack it, I'd like to know. The bounty is for a 'realistic' use case.



If you want to avoid wordlist vulnerabilities, try this:

Choose a lyric from a favorite song. Concatenate the first letter of each word in the lyric. Example:

“Rock the Casbah Sharif don't like it”

Becomes:

rtcsdli

Add capitalization or numbers/special characters according to your own pref. For example, maybe you decide to alternate lower and upper case and always end with a bang:

rTcSdLi!

Although you have to use the same capitalization rules for all passwords if you have any hope of remembering them.


That is security by obscurity. If somebody knows your method, they can scrape the lyrics for all popular songs, narrow your password down to a few million possible passwords and just try them all.


> to a few million possible passwords

The combinations are easily in the trillions, likely much much more. Read the algorithm.

An algorithm for password generation is not security by obscurity.


10s of thousands of popular songs, dozens of lines per song.

> Although you have to use the same capitalization rules for all passwords if you have any hope of remembering them.

So no additional combinations from that. Your algorithm is simple and common enough that it's possible that an attacker can figure it out from a single leaked password. With one leaked password they've compromised all of your passwords to anything they have the capability of trying a few million passwords on.
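As an added example, not code from any commenter in this thread: the first-letter derivation described above in Python, plus the two entropy estimates the thread argues over, the naive per-character figure an attacker sees without knowing the method, and the much smaller candidate population an attacker who knows the method faces. The song and line counts are passed in as parameters; the figures used below are the thread's own rough numbers.

```python
import math
import re
import string


def lyric_to_password(lyric: str, alternate_case: bool = True, suffix: str = "!") -> str:
    """Take the first letter of each word; optionally alternate case and add a suffix."""
    words = re.findall(r"[A-Za-z']+", lyric)
    letters = [w[0] for w in words]
    if alternate_case:
        # Even positions lower, odd positions upper: "rTcSdLi"
        letters = [c.upper() if i % 2 else c.lower() for i, c in enumerate(letters)]
    else:
        letters = [c.lower() for c in letters]
    return "".join(letters) + suffix


def naive_bits(password: str) -> float:
    """Entropy an attacker would assume if they treat the password as random characters."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 printable ASCII symbols
    return len(password) * math.log2(alphabet)


def method_known_bits(songs: int, lines_per_song: int, case_rules: int = 1, suffixes: int = 1) -> float:
    """Entropy once the attacker knows the method: only the candidate lyric lines matter.

    A fixed case rule and fixed suffix (as the thread notes) contribute a factor of 1.
    """
    return math.log2(songs * lines_per_song * case_rules * suffixes)


if __name__ == "__main__":
    pw = lyric_to_password("Rock the Casbah Sharif don't like it")
    print(pw, f"naive: {naive_bits(pw):.1f} bits")
    # Thread's figures: tens of thousands of songs, dozens of lines each.
    print(f"method known, 50k songs x 30 lines: {method_known_bits(50_000, 30):.1f} bits")
    # The counter-claim: millions of songs, ~1000 lines each.
    print(f"method known, 1M songs x 1000 lines: {method_known_bits(1_000_000, 1000):.1f} bits")
```

Whichever count one accepts, the method-known figure is the one that matters once a single password from the scheme has leaked, since it reveals the rule.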


You wrote Pooh songs. Not me. There are millions of songs with lyrics. Billions of lines of lyrics. Trillions of combinations that include upper and lower case. Good luck.


If your favorite song is by Pearl Jam you get an extra layer of security:

https://www.youtube.com/watch?v=xLd22ha_-VU