From owner-freebsd-questions@FreeBSD.ORG Tue Aug 4 08:18:47 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B7C991065670 for ; Tue, 4 Aug 2009 08:18:47 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirj.bris.ac.uk (dirj.bris.ac.uk [137.222.10.78]) by mx1.freebsd.org (Postfix) with ESMTP id 746EE8FC12 for ; Tue, 4 Aug 2009 08:18:47 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from seis.bris.ac.uk ([137.222.10.93]) by dirj.bris.ac.uk with esmtp (Exim 4.69) (envelope-from ) id 1MYFEI-00004N-GK; Tue, 04 Aug 2009 09:18:46 +0100 Received: from mech-cluster241.men.bris.ac.uk ([137.222.187.241]) by seis.bris.ac.uk with esmtp (Exim 4.67) (envelope-from ) id 1MYFEH-00029o-NV; Tue, 04 Aug 2009 09:18:42 +0100 Received: from mech-cluster241.men.bris.ac.uk (localhost [127.0.0.1]) by mech-cluster241.men.bris.ac.uk (8.14.3/8.14.3) with ESMTP id n748If3v074500; Tue, 4 Aug 2009 09:18:41 +0100 (BST) (envelope-from mexas@bristol.ac.uk) Received: (from mexas@localhost) by mech-cluster241.men.bris.ac.uk (8.14.3/8.14.3/Submit) id n748If8a074499; Tue, 4 Aug 2009 09:18:41 +0100 (BST) (envelope-from mexas@bristol.ac.uk) X-Authentication-Warning: mech-cluster241.men.bris.ac.uk: mexas set sender to mexas@bristol.ac.uk using -f Date: Tue, 4 Aug 2009 09:18:41 +0100 From: Anton Shterenlikht To: Roland Smith Message-ID: <20090804081841.GC74277@mech-cluster241.men.bris.ac.uk> References: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com> <20090804075221.GA3909@slackbox.xs4all.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20090804075221.GA3909@slackbox.xs4all.nl> User-Agent: Mutt/1.5.20 (2009-06-14) X-Spam-Score: -1.5 X-Spam-Level: - Cc: freebsd-questions@freebsd.org, Modulok Subject: Re: Secure password generation...blasphemy! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2009 08:18:48 -0000 On Tue, Aug 04, 2009 at 09:52:21AM +0200, Roland Smith wrote: > On Mon, Aug 03, 2009 at 08:28:52PM -0600, Modulok wrote: > > I need a way to generate a lot of secure passwords. So, I read all > > about it. Either people are getting way carried away, or I'm missing > > something... > > It is very easy to generate hard-to-guess semi-random passwords: > > openssl rand -base64 6 > > some examples: > > hJ9WQ0eK oOyHWEd4 W801vDIB mob29k5I RVDXkE/9 7BRHC+8h > > Even though this is semi-random, these are still extremely hard to > guess, and neither will a dictionary attack be much use. The _big_ > downside is that this kind of passwords are hard to remember. So people > _will_ write them down. Which isn't a problem in itself, as long as they > keep that piece of paper secure. (so not taped to their monitor, or > under their keyboard.) > > A better solution IMHO is to let people make their own acronyms, mixed > with a little l33tsp34k. That way you can have something easy to > remember, but still hard to guess. E.g. "Ask not for whom the bell > tolls" would become "An4wtbt". I really like the VMS password generation facility: UAF> modify donkey/generate_password tratworman cralopyter bosequism coshindius jaritions Enter PRIMARY password: clumiump wrielene guirtiety scapress primpatly Enter PRIMARY password: odliesting conetred emenstate ammycle rasests ... You are given a choice of 5 passwords to choose from. If you don't like any, keep going until something comes up that's easy to remember for you. The system manager can specify the min required length. I think this is a really nice utility, and VMS systems are very rarely compromised, though perhaps VMS users are better trained in password safe keeping. -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423