From: Roland Smith
To: Modulok
Cc: freebsd-questions@freebsd.org
Date: Tue, 4 Aug 2009 09:52:21 +0200
Subject: Re: Secure password generation...blasphemy!

On Mon, Aug 03, 2009 at 08:28:52PM -0600, Modulok wrote:
> I need a way to generate a lot of secure passwords. So, I read all
> about it. Either people are getting way carried away, or I'm missing
> something...

It is very easy to generate hard-to-guess semi-random passwords:

    openssl rand -base64 6

Some examples:

    hJ9WQ0eK
    oOyHWEd4
    W801vDIB
    mob29k5I
    RVDXkE/9
    7BRHC+8h

Even though this is semi-random, these are still extremely hard to guess, and
neither will a dictionary attack be much use.

The _big_ downside is that this kind of password is hard to remember. So
people _will_ write them down. Which isn't a problem in itself, as long as they
keep that piece of paper secure. (So not taped to their monitor, or under their
keyboard.)

A better solution IMHO is to let people make their own acronyms, mixed with a
little l33tsp34k. That way you can have something easy to remember, but still
hard to guess. E.g. "Ask not for whom the bell tolls" would become "An4wtbt".

Roland
-- 
R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
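
Added example, not part of the message above: a shell helper that produces a batch of passwords with the `openssl rand -base64` command from the message and reports how many random bits stand behind each one. The function names (`rand_b64`, `entropy_bits`, `gen_passwords`), the batch interface and the `/dev/urandom` fallback are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical helpers.

# rand_b64 NBYTES: NBYTES random bytes, base64-encoded.
# Assumption: fall back to /dev/urandom where openssl is not installed.
rand_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 "$1"
    else
        head -c "$1" /dev/urandom | base64
    fi
}

# entropy_bits NBYTES: random bits behind one password (8 per input byte).
# base64 only re-encodes the bytes; it adds no entropy.
entropy_bits() {
    echo $(( $1 * 8 ))
}

# gen_passwords COUNT [NBYTES]: print COUNT passwords, one per line.
# NBYTES must be a positive multiple of 3 so base64 emits no '=' padding;
# the default of 6 bytes gives 8 characters, as in the message.
gen_passwords() {
    count=$1
    nbytes=${2:-6}
    case $count in ''|*[!0-9]*) echo "count must be a number" >&2; return 2;; esac
    case $nbytes in ''|*[!0-9]*) echo "nbytes must be a number" >&2; return 2;; esac
    if [ "$nbytes" -eq 0 ] || [ $(( nbytes % 3 )) -ne 0 ]; then
        echo "nbytes must be a positive multiple of 3" >&2
        return 2
    fi
    i=0
    while [ "$i" -lt "$count" ]; do
        # A failed generator call must never yield an empty password.
        pw=$(rand_b64 "$nbytes") || return 1
        # Long outputs are line-wrapped by the encoder; join them again.
        pw=$(printf '%s' "$pw" | tr -d '\n')
        [ -n "$pw" ] || return 1
        printf '%s\n' "$pw"
        i=$(( i + 1 ))
    done
}
```

`gen_passwords 20` prints twenty 8-character passwords; `entropy_bits 6` gives the 48 random bits behind each of them.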