Tips for a Good DEK
There are several ways of creating a good DEK that offers strong encryption without being too difficult to remember. Here we examine some of the most practical techniques for this purpose.
First of all, a DEK has to be relatively long (the longer the better). It is not uncommon, in cases where data security is crucial, for the DEK to be a whole sentence. Yet the DEK has to be memorable too, because if we need to write it down its security can be compromised. If it is not feasible to remember the DEK, it is best to store it in a “password safe,” an encrypted file that contains DEKs.
In order for the DEK to be memorable, it is best to use words or phrases that we have remembered for many years, perhaps the name of the street we lived on as a child, or the name of a role model. Using as a DEK a word or phrase that we have just made up is quite risky, since we are bound to forget it in a few days or weeks.
A good DEK has to have special characters and/or numbers in it. The more complex it is, the better, as it will be more difficult to guess. For example, instead of “NikolaTesla” as a DEK, we could combine it with a memorable year (one that is not obviously related to us): “NikolaTesla1996” or “Nikola1996Tesla”. This way, even if someone guesses “NikolaTesla”, it won’t be enough to compromise the encryption system. Alternatives can put special characters in the place of letters, for example “N1k0laTesla” or “N!k0laTesla”, where i and o are substituted with 1 (or !) and 0 respectively. Just be consistent with the substitution you use, so that you can remember the DEK variation without difficulty.
Another useful technique is playing with the upper and lower case of the letters. For example, alternating them makes the DEK harder to guess: “NiKoLaTeSlA”. A bonus of this method is that the DEK variant is quite easy to remember.
A DEK can also be made up of seemingly random characters that are nonetheless easy for us to remember because of their location on the keyboard. For example, one such DEK could be “qweasdzxc”, which consists of the first 3 letters of each of the 3 rows of letters on a QWERTY keyboard.
Generally, it is good to avoid words or numbers that are directly related to our person. For example, if someone is called “Mary Smith”, was born in 1969 and has a son called “Kyle”, the DEKs “Mary1969”, “Kyle1969” and “Smith1969” are very weak, as someone may easily find them after a few guesses.
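The rules above (length, digits or special characters, mixed case, consistent substitutions, and nothing tied to our person) can be turned into a small checker. The following is an added example, not code from the original text; the minimum length of 12 and the list of personal facts are assumptions chosen for the demonstration, modelled on the “Mary Smith” example.

```python
import string

# Personal facts an attacker could look up, modelled on the page's "Mary Smith"
# example. These values are constructed for the demonstration.
PERSONAL_FACTS = ["Mary", "Smith", "Kyle", "1969"]

# Assumed policy value: the text only says "the longer the better".
MIN_LENGTH = 12


def apply_substitution(word: str, mapping: dict) -> str:
    """Apply one consistent letter-to-symbol substitution, e.g. {"i": "1", "o": "0"}."""
    return "".join(mapping.get(ch, ch) for ch in word)


def alternate_case(word: str) -> str:
    """Alternate upper and lower case, as in "NikolaTesla" -> "NiKoLaTeSlA"."""
    return "".join(c.upper() if i % 2 == 0 else c.lower() for i, c in enumerate(word))


def has_mixed_case(dek: str) -> bool:
    return any(c.islower() for c in dek) and any(c.isupper() for c in dek)


def has_digit_or_special(dek: str) -> bool:
    return any(c.isdigit() or c in string.punctuation for c in dek)


def uses_personal_fact(dek: str, facts) -> list:
    """Return the personal facts that appear inside the candidate, case-insensitively."""
    lowered = dek.lower()
    return [f for f in facts if f.lower() in lowered]


def check_dek(dek: str, facts=PERSONAL_FACTS, min_length=MIN_LENGTH) -> list:
    """Return a list of findings; an empty list means the candidate passed every rule."""
    findings = []
    if len(dek) < min_length:
        findings.append(f"too short ({len(dek)} < {min_length})")
    if not has_mixed_case(dek):
        findings.append("no mix of upper- and lower-case letters")
    if not has_digit_or_special(dek):
        findings.append("no digit or special character")
    hits = uses_personal_fact(dek, facts)
    if hits:
        findings.append("contains personal facts: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for candidate in ("Mary1969", "NikolaTesla1996",
                      apply_substitution("NikolaTesla", {"i": "1", "o": "0"}),
                      alternate_case("NikolaTesla")):
        print(candidate, "->", check_dek(candidate) or "ok")
```

The checker only reports what it can see in the string; it cannot tell whether a candidate is genuinely memorable to you, which is why the personal-fact list has to be filled in honestly for the person who will use the DEK.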
It’s also quite useful to avoid using the same DEK in more than one place. This is because if one of them is hacked and your DEK discovered, this would compromise the other place(s) too.
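One way to satisfy both the memorability point (keep a single, long passphrase in your head) and the no-reuse point (a different DEK for every place) is to derive each DEK from the master passphrase with a key derivation function, binding a purpose label and a random salt into each derivation. The password safe then only has to store the public salts; the DEKs are recomputed on demand. This is an added example, not code from the original text: PBKDF2-HMAC-SHA256 with 600,000 iterations, 32-byte keys and the purpose labels are assumptions made for the demonstration.

```python
import hashlib
import os

# Assumed KDF parameters for the demonstration: PBKDF2-HMAC-SHA256,
# 600,000 iterations, 32-byte (256-bit) keys, 16-byte random salts.
HASH_NAME = "sha256"
ITERATIONS = 600_000
KEY_LEN = 32
SALT_LEN = 16


def derive_dek(master_passphrase: str, purpose: str, salt: bytes) -> bytes:
    """Derive the DEK for one place from the single memorised passphrase.

    The purpose label is bound into the salt, so the same passphrase yields
    unrelated keys for different places; the random salt defeats precomputed
    guessing tables. Recovering one derived DEK does not reveal the others.
    """
    bound_salt = purpose.encode("utf-8") + b"\x00" + salt
    return hashlib.pbkdf2_hmac(
        HASH_NAME, master_passphrase.encode("utf-8"), bound_salt, ITERATIONS, dklen=KEY_LEN
    )


def register_purpose(safe: dict, purpose: str) -> bytes:
    """Record a fresh random salt for a new place; only the salt is stored in the safe."""
    salt = os.urandom(SALT_LEN)
    safe[purpose] = salt
    return salt


def open_dek(safe: dict, master_passphrase: str, purpose: str) -> bytes:
    """Recompute the DEK for a registered place from the master passphrase."""
    return derive_dek(master_passphrase, purpose, safe[purpose])


if __name__ == "__main__":
    # Constructed master passphrase: long and memorable rather than made up on the spot.
    master = "the street I lived on as a child was Maple Avenue"
    safe = {}
    for purpose in ("laptop-disk", "backup-drive", "archive-zip"):
        register_purpose(safe, purpose)
    for purpose in safe:
        print(purpose, open_dek(safe, master, purpose).hex())
```

Because the safe holds only salts and labels, losing the file does not expose any DEK; losing the master passphrase, on the other hand, loses every DEK at once, which is exactly why the passphrase has to be something you have remembered for years.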