The Usage Of Complex Algorithms For Password Generation
Posted by Shawn Boles on February 13th 2008

Passwords are difficult. On the one hand, you want a password that is uncrackable by anyone, be they teenage hackers or CSI experts with magical hacking tools. On the other hand, the password has to be memorable by you yourself, lest only teenage hackers and CSI experts with magical hacking tools are able to access your data.

So, how do you make passwords?

One of the more secure ways is to use a random string generator, like random.org, to build random strings, pick one, and memorize it. It’s pretty secure (random.org uses real atmospheric noise to produce its random numbers), and with seven random alphanumeric characters (26 lowercase, 26 uppercase, 10 digits) the search space is 62^7, about 3.5 trillion combinations, or roughly 42 bits of entropy. But are you really going to remember “QRSr0Fu” or “W96TUON” two weeks from now? (My generated set had “myELlRK” which I might be able to remember…) If you type your password every hour or so, you might remember this by muscle memory pretty quickly. Just in time to have to change it, I bet.

Another way is to take a word or phrase, turn some letters into |33+sp34k, and you get something that looks more random but is much more memorable. So, for example, “minivan” becomes “m1n1v4n!” and “washington” becomes “w4sh1ngt0n!?!” These are actually quite memorable. Be careful about how much this buys you, though: the substitutions do take the word out of a plain wordlist or a precomputed rainbow table, but every serious password cracker ships with mangling rules that apply exactly these letter-for-digit swaps and tacked-on punctuation, so “m1n1v4n!” is only a few dozen guesses away from “minivan”, not trillions. It still beats the bare word, just not by as much as it looks. The other catch is recall: what happens when you forget the “!”, or whether “Washington” gets “?!?”, or that you did NOT turn “t” into “+”? You could end up going through a few cycles trying to “guess” your own password. Again, if you use it all the time, you’ll learn it by muscle memory. And this lets you come up with some cool passwords, like “c4p+41nK1rk”. How can you beat that?
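To make the trade-off between the two methods above concrete, here is an added example in Python; it is not code from the original post. It generates a random alphanumeric password with the standard library’s CSPRNG, computes the 62^7 search space quoted above, and then enumerates the leet-speak variants of a dictionary word the way a cracker’s mangling rules do, so you can see how few guesses separate “m1n1v4n!” from “minivan”. The substitution table, suffix list and two-word mini-dictionary are assumptions chosen for illustration, not any particular cracker’s rule set.

```python
"""
Random-string passwords vs. leet-speak mangled dictionary words.

Added example, not from the original post. Assumes a 62-symbol alphanumeric
alphabet, a hypothetical leet substitution table modelled on the kind of
mangling rules password crackers apply, and a constructed two-word dictionary.
"""
import itertools
import math
import secrets
import string

ALPHANUMERIC = string.ascii_letters + string.digits  # 62 symbols

# Hypothetical substitution table: one common leet swap per letter.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "+", "l": "|", "g": "9"}

# Suffixes a cracker's rule set would typically append (assumed list).
SUFFIXES = ["", "!", "!?!", "1", "123"]


def random_password(length=7, alphabet=ALPHANUMERIC):
    """Draw each character from a CSPRNG; never use random.random() for this."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def search_space(length, alphabet_size=len(ALPHANUMERIC)):
    """Number of distinct strings of the given length over the alphabet."""
    return alphabet_size ** length


def entropy_bits(candidates):
    """Bits of entropy for a uniform choice among `candidates` strings."""
    return math.log2(candidates)


def leet_variants(word, table=LEET, suffixes=SUFFIXES):
    """Every candidate a rule-based cracker would try for `word`: each
    substitutable letter either left alone or swapped, times each suffix."""
    options = [(ch, table[ch]) if ch in table else (ch,) for ch in word.lower()]
    variants = set()
    for combo in itertools.product(*options):
        base = "".join(combo)
        for suffix in suffixes:
            variants.add(base + suffix)
    return variants


def dictionary_attack(target, dictionary):
    """Try every leet variant of every word in order.
    Returns (found, number_of_candidates_tried)."""
    tried = 0
    for word in dictionary:
        for candidate in sorted(leet_variants(word)):
            tried += 1
            if candidate == target:
                return True, tried
    return False, tried


if __name__ == "__main__":
    # Constructed mini-dictionary standing in for a real wordlist.
    wordlist = ["minivan", "washington"]

    pw = random_password(7)
    space = search_space(7)
    print(f"random password: {pw}")
    print(f"7 alphanumerics: {space:,} candidates, {entropy_bits(space):.1f} bits")

    for mangled in ["m1n1v4n!", "w4sh1ngt0n!?!", pw]:
        found, tried = dictionary_attack(mangled, wordlist)
        verdict = "cracked" if found else "not found"
        print(f"{mangled!r}: {verdict} after {tried} guesses")
```

Case-toggling rules (the capital K in “c4p+41nK1rk”) are another rule class in real crackers and multiply the candidate count by a small factor per letter; they are omitted here to keep the count easy to follow. The random string survives because it is not derived from any word, not because it is longer.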

My favorite way, however, lets you write your password down in plain sight. I tend to cycle through passwords, and if you’re anything like me you have two online banking passwords, four credit card or loan company passwords, a work domain password, 6 email passwords, a home log in password, etc, etc, etc. If you take the easy way out and use the same password everywhere, you end up making kittens and security experts cry. If, however, you have a completely separate randomized combination for each account, your brain will get stuck in an infinite loop. Using this method, you get to write down your passwords and tack them to the wall. Or put ‘em on a sticky note. In plain sight. Email them to yourself without a care. It uses a special type of encryption to keep your password safe. Not AES or DES or TEA or other TLAs. I call this “Hippocampy Encryption” (named in honor of the part of the brain that does memory type activities).

The key is to write down a set of clues that will tell you (but only you) what your password is. You can add symbols to help you remember what kind of encoding to use for your password. Here’s a password I just made up right now as an example:


Shawn's rival ^
shout your home team
Esirpretne
Sam.

Because everything on this note is simply a hint for your specific brain to recall a password, it’s specific to you. Hints don’t even have to have anything to do with the subject. The hint “Red October” could tell you the word “fortworth”, whereas for me, I’d be trying “R4M1US”, “M1SSL3S”, “jackryan”, “TomClancy”, etc. You can string three or four hints together for a password. Note that these create long passwords, and your coworkers may start to believe that you have a superhuman capacity for memorizing long strings of randomized data. Do not do anything to dissuade them from this belief. And, because the hints point to common words and numbers already lodged in your grey matter, you may be surprised just how fast you type in that 20 character long password. Compared to my speed on 7 character random strings, it’s blazing.

And due to the pattern matching ability of your brain, remembering the passwords is easy. Let’s say you’ve written your clue on the back of one of your business cards, so you have it handy if you need it. After a few days, just SEEING a business card will bring your new password to the front of your mind. After a while, you’ll stop needing your hint sheet, as you’ll just remember the password. And when it comes time to change your password, shred your card and your post-it, post a new one (in a different color if you can; it helps the brain), and give yourself a few days. Unlike scrawling your random digits on a paper or card, even if somebody stole your “Hippocampically Encoded” card, they would have to REALLY know you (or be a really good guesser) to get the password. Even with your card, you’ve reduced them to a brute-force search, though note that an attacker who knows the hints point to names, teams and titles has a much smaller space to search than a truly random string would give them, so the hints are worth more the less obvious they are. And if your card/note turns up missing, it takes about 30 seconds to whip up a new hint sheet. Not only is your attacker brute forcing your hint sheet, but it’s the wrong hint sheet anyway!

So… have you guessed my password above? It’s GARYkemp!1071Max. ‘Course, you’d only know that if you knew that I played Pokemon and left my rival’s name at default, that I decided that “^” meant “Make it all uppercase”, that my home team is the Kemp High School (and that I was talking high school football), that by “Shout” I meant “give it an exclamation point”, but that the whole word should be lower case (because the hint is), that Esirpretne is “Enterprise” backwards, and that I meant to make the serial numbers backwards (but not the NCC part), and that by Sam (a very common name) I meant “Give me the name of Sam’s partner in that incredibly funny cartoon by Steve Purcell, Sam and Max: Freelance Police.” The period is just decoration. If you did guess it, contact the NSA. I hear they’re hiring people like you.

 
Nnet strikes back
Posted by Shawn Boles on February 4th 2008

I’m not going to tell you my name for two reasons: first, I don’t want a million tickets assigned to me asking if I’m crazy. Second, if I am crazy, I don’t want anyone knowing it’s me.

I’m not a writer myself, so I asked Shawn to write this up for me. He’s a programmer, and more importantly a Trekkie, so he’s likely to understand (and more importantly, believe) this story. Besides, he’s written a few humorous, slightly preposterous posts for this blog, and that’s very, very important.

Unlucky as I am, I was the first person to notice something strange going on. I’m a datacenter tech for the company (but I’m not going to tell you WHICH datacenter), and my job… well, I’m the power guy. I make rounds in the datacenter, checking breakers and power panels, keeping an eye on voltages in the portal, that kind of thing. No power issues at the datacenter? That’s because of me. So, I’m perusing the tickets and keeping an eye on things, like I should.

As I was answering a particularly interesting ticket, I received an IM from a datacenter engineer I hadn’t met yet. That’s not surprising; we’re growing like crazy here, and I don’t always get the “Welcome a new employee” email before I find myself working with the guy or gal. I finished my ticket and opened up the IM window. It was from “Nnet,” and the contents caused me to leap out of my seat:

“The power strips on the new racks (205, 206, 207) are drawing too much current; it will pop the breakers in 52 minutes, 12 seconds.”

I had just CHECKED those racks. I walked down to the server room, muttering about some whippersnapper of a new engineer playing a trick on me. I was going on vacation in a week, and I did NOT want any power issues; I was training another engineer to take the console while I was gone, and if anything happened during testing I would surely be called in. Anyway, I walked into the server room and checked the gauges on the power panel.

And they were drawing almost a full five amps too much. If we had turned on the third rack, the whole aisle would have gone down. That wouldn’t have been too bad; no servers were hooked up. This is exactly why we test the power before we put servers in.

The rack crew and I worked for about an hour rewiring the racks, starting from the third rack. Sure enough, about 52 minutes later, rack 205 shut down. Mentally thanking “Nnet” for finding this (and more importantly, not tinkering with it before letting me know!), we got the racks wired more efficiently (they’re supposed to be on separate breakers, but the electrician labeled the wires wrong), reset the breakers, and had absolutely no issues for the rest of the day.

I got back and thanked “Nnet” for finding that issue. The next day, I got to thinking about how “Nnet” had saved my vacation (I would have spent all week tracing wires to figure out what had happened), and I wanted to invite him or her to lunch. So I IMmed “Nnet” with an invitation. An hour went by with no response, but it’s not too strange to have a datacenter tech away from their desk for a couple hours. So I sent an email to Nnet.

The email bounced back.

Maybe HR hadn’t set up the email yet? So I called them up to see what was up with Nnet’s email address.

That’s when HR told me that nobody with the last name “Net” had been hired (I thought “Net” was a strange name for a tech, but it’s not the strangest last name I’ve ever heard). I called the networking department to ask how I could receive a company IM from somebody who doesn’t work here. They researched it and couldn’t find any incoming links through our firewalls or any of the internal logs. Stranger yet, the Jabber server indeed DOES have an account for “Nnet”, but the engineer who runs the server swears that he never set that up.

We were discussing this back and forth when one of the developers walked by, overhearing our conversation. He laughed, and when we asked why, he told us that he was reading a book about the human brain, and that the brain is made up of millions of millions of neurons all interconnected with each other; that these interconnected neurons work together to create intelligence.

Could that be true? Absolutely not. It’s preposterous. Sure, we’ve got tens of thousands of computers around here, dual cores and quad cores running various operating systems and applications, all connected by an incredibly fast private network…

…could it be?

The engineers are all completely sure that one of the datacenter techs must be playing a joke, and they’re currently tracking it down. But I’m not too convinced. “Nnet” knew which power strips were having trouble in a room keycarded to open only for me and a handful of other techs. And they all swear they didn’t send it.

That’s when I talked to Shawn. He told me that there are a lot of technically minded people out there who read fantastic science fiction stories and come up with solutions… even knowing that the tech is impossible, they can find a way to solve the problem. So we hatched this idea to write a fantastic blog post, an interesting narrative of my predicament. Then we’d post it to the blog and watch for any discussion on the customer forums. Our customers are really smart, and they like solving problems. Maybe somebody out there has an idea of how we can figure out what’s going on around here.

So here’s the story. A completely fantastic modern day science fiction story about a sentient datacenter.

Preposterous!

…any ideas?

Copyright © SoftLayer Technologies, All Rights Reserved.