Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 04 Aug 2009 10:32:15 +0200
From:      Peter Boosten <peter@boosten.org>
To:        Anton Shterenlikht <mexas@bristol.ac.uk>
Cc:        Roland Smith <rsmith@xs4all.nl>, freebsd-questions@freebsd.org, Modulok <modulok@gmail.com>
Subject:   Re: Secure password generation...blasphemy!
Message-ID:  <4A77F20F.5060500@boosten.org>
In-Reply-To: <20090804081841.GC74277@mech-cluster241.men.bris.ac.uk>
References:  <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com>	<20090804075221.GA3909@slackbox.xs4all.nl> <20090804081841.GC74277@mech-cluster241.men.bris.ac.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
Anton Shterenlikht wrote:
> On Tue, Aug 04, 2009 at 09:52:21AM +0200, Roland Smith wrote:
>> On Mon, Aug 03, 2009 at 08:28:52PM -0600, Modulok wrote:
>>> I need a way to generate a lot of secure passwords. So, I read all
>>> about it. Either people are getting way carried away, or I'm missing
>>> something...
>> It is very easy to generate hard-to-guess semi-random passwords: 
>>
>>    openssl rand -base64 6
>>
>> some examples:
>>
>> hJ9WQ0eK oOyHWEd4 W801vDIB mob29k5I RVDXkE/9 7BRHC+8h
>>
>> Even though this is semi-random, these are still extremely hard to
>> guess, and neither will a dictionary attack be much use. The _big_
>> downside is that this kind of passwords are hard to remember. So people
>> _will_ write them down. Which isn't a problem in itself, as long as they
>> keep that piece of paper secure. (so not taped to their monitor, or
>> under their keyboard.)
>>
>> A better solution IMHO is to let people make their own acronyms, mixed
>> with a little l33tsp34k. That way you can have something easy to
>> remember, but still hard to guess. E.g. "Ask not for whom the bell
>> tolls" would become "An4wtbt".
> 
> I really like the VMS password generation facility: 
> 
> UAF> modify donkey/generate_password
> 
> tratworman
> cralopyter
> bosequism
> coshindius
> jaritions
> 
> Enter PRIMARY password:
> 
> clumiump
> wrielene
> guirtiety
> scapress
> primpatly
> 
> Enter PRIMARY password:
> 
> odliesting
> conetred
> emenstate
> ammycle
> rasests
> 
> ...
> 
> You are given a choice of 5 passwords to choose from.
> If you don't like any, keep going until something
> comes up that's easy to remember for you.
> 
> The system manager can specify the min required length.
> 
> I think this is a really nice utility, and VMS systems are
> very rarely compromised, though perhaps VMS users are
> better trained in password safe keeping. 
> 

Password guessing will crack these in a jiffy. Hardly secure I would say...

I use apg, like this:

/usr/local/bin/apg -x 8 -m 8 -l -MSNCL -s

8 characters, minimal one capital, number and special sign, and I could
use a previous used password (or random) as input.

Peter

-- 
http://www.boosten.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4A77F20F.5060500>