Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Aug 2009 09:18:41 +0100
From:      Anton Shterenlikht <mexas@bristol.ac.uk>
To:        Roland Smith <rsmith@xs4all.nl>
Cc:        freebsd-questions@freebsd.org, Modulok <modulok@gmail.com>
Subject:   Re: Secure password generation...blasphemy!
Message-ID:  <20090804081841.GC74277@mech-cluster241.men.bris.ac.uk>
In-Reply-To: <20090804075221.GA3909@slackbox.xs4all.nl>
References:  <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com> <20090804075221.GA3909@slackbox.xs4all.nl>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 04, 2009 at 09:52:21AM +0200, Roland Smith wrote:
> On Mon, Aug 03, 2009 at 08:28:52PM -0600, Modulok wrote:
> > I need a way to generate a lot of secure passwords. So, I read all
> > about it. Either people are getting way carried away, or I'm missing
> > something...
> 
> It is very easy to generate hard-to-guess semi-random passwords: 
> 
>    openssl rand -base64 6
> 
> some examples:
> 
> hJ9WQ0eK oOyHWEd4 W801vDIB mob29k5I RVDXkE/9 7BRHC+8h
> 
> Even though this is semi-random, these are still extremely hard to
> guess, and neither will a dictionary attack be much use. The _big_
> downside is that this kind of passwords are hard to remember. So people
> _will_ write them down. Which isn't a problem in itself, as long as they
> keep that piece of paper secure. (so not taped to their monitor, or
> under their keyboard.)
> 
> A better solution IMHO is to let people make their own acronyms, mixed
> with a little l33tsp34k. That way you can have something easy to
> remember, but still hard to guess. E.g. "Ask not for whom the bell
> tolls" would become "An4wtbt".

I really like the VMS password generation facility: 

UAF> modify donkey/generate_password

tratworman
cralopyter
bosequism
coshindius
jaritions

Enter PRIMARY password:

clumiump
wrielene
guirtiety
scapress
primpatly

Enter PRIMARY password:

odliesting
conetred
emenstate
ammycle
rasests

...

You are given a choice of 5 passwords to choose from.
If you don't like any, keep going until something
comes up that's easy to remember for you.

The system manager can specify the min required length.

I think this is a really nice utility, and VMS systems are
very rarely compromised, though perhaps VMS users are
better trained in password safe keeping. 

-- 
Anton Shterenlikht
Room 2.6, Queen's Building
Mech Eng Dept
Bristol University
University Walk, Bristol BS8 1TR, UK
Tel: +44 (0)117 928 8233 
Fax: +44 (0)117 929 4423



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090804081841.GC74277>