Message-ID: <4A77F20F.5060500@boosten.org>
Date: Tue, 04 Aug 2009 10:32:15 +0200
From: Peter Boosten
To: Anton Shterenlikht
Cc: Roland Smith, freebsd-questions@freebsd.org, Modulok
Subject: Re: Secure password generation...blasphemy!

Anton Shterenlikht wrote:
> On Tue, Aug 04, 2009 at 09:52:21AM +0200, Roland Smith wrote:
>> On Mon, Aug 03, 2009 at 08:28:52PM -0600, Modulok wrote:
>>> I need a way to generate a lot of secure passwords. So, I read all
>>> about it. Either people are getting way carried away, or I'm missing
>>> something...
>> It is very easy to generate hard-to-guess semi-random passwords:
>>
>>   openssl rand -base64 6
>>
>> some examples:
>>
>>   hJ9WQ0eK oOyHWEd4 W801vDIB mob29k5I RVDXkE/9 7BRHC+8h
>>
>> Even though this is semi-random, these are still extremely hard to
>> guess, and neither will a dictionary attack be much use. The _big_
>> downside is that this kind of passwords are hard to remember. So people
>> _will_ write them down. Which isn't a problem in itself, as long as they
>> keep that piece of paper secure. (so not taped to their monitor, or
>> under their keyboard.)
>>
>> A better solution IMHO is to let people make their own acronyms, mixed
>> with a little l33tsp34k. That way you can have something easy to
>> remember, but still hard to guess. E.g. "Ask not for whom the bell
>> tolls" would become "An4wtbt".
>
> I really like the VMS password generation facility:
>
> UAF> modify donkey/generate_password
>
> tratworman
> cralopyter
> bosequism
> coshindius
> jaritions
>
> Enter PRIMARY password:
>
> clumiump
> wrielene
> guirtiety
> scapress
> primpatly
>
> Enter PRIMARY password:
>
> odliesting
> conetred
> emenstate
> ammycle
> rasests
>
> ...
>
> You are given a choice of 5 passwords to choose from.
> If you don't like any, keep going until something
> comes up that's easy to remember for you.
>
> The system manager can specify the min required length.
>
> I think this is a really nice utility, and VMS systems are
> very rarely compromised, though perhaps VMS users are
> better trained in password safe keeping.
>

Password guessing will crack these in a jiffy. Hardly secure I would say...

I use apg, like this:

  /usr/local/bin/apg -x 8 -m 8 -l -MSNCL -s

8 characters, minimal one capital, number and special sign, and I could
use a previous used password (or random) as input.

Peter
-- 
http://www.boosten.org
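
Added example, not part of Peter's message and not apg's own algorithm: a Python sketch that generates passwords under the policy stated above (8 characters, at least one capital, number and special sign) by rejection sampling, and counts the size of that password space so it can be compared with the 48 bits drawn by `openssl rand -base64 6`. The symbol set and all function names are assumptions made for this example.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
SPECIAL = "!#$%&*+-=?@^_"  # assumed symbol set, constructed for this example
CLASSES = (LOWER, UPPER, DIGITS, SPECIAL)


def meets_policy(pw, classes=CLASSES):
    """True when pw contains at least one character from every class."""
    return all(any(ch in cls for ch in pw) for cls in classes)


def generate(length=8, classes=CLASSES):
    """Draw uniformly from the full alphabet with the OS CSPRNG and reject
    candidates that miss a class, so every compliant string is equally likely."""
    if length < len(classes):
        raise ValueError("length too short to hold one character per class")
    alphabet = "".join(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw, classes):
            return pw


def compliant_count(length=8, classes=CLASSES):
    """Exact number of strings of this length that contain every class,
    by inclusion-exclusion over the sets of classes left out."""
    sizes = [len(c) for c in classes]
    total = 0
    for mask in range(1 << len(sizes)):
        left_out = [s for i, s in enumerate(sizes) if mask >> i & 1]
        remaining = sum(sizes) - sum(left_out)
        total += (-1) ** len(left_out) * remaining ** length
    return total


def entropy_bits(count):
    """Bits of entropy of a uniform choice among `count` possibilities."""
    return math.log2(count)


if __name__ == "__main__":
    print("sample password:        ", generate())
    print("policy space, bits:      %.2f" % entropy_bits(compliant_count()))
    print("unconstrained 75^8, bits: %.2f" % entropy_bits(75 ** 8))
    print("openssl rand -base64 6:   %.2f" % entropy_bits(2 ** 48))
```

The class requirement removes candidates from the search space, so the policy-constrained figure is always lower than the unconstrained one for the same length and alphabet.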