Here is another one for you. There is another utility called "jive". Take your original passphrase, run it through that, and then use that to generate a hash. Good luck guessing that one. :)

-eric
from the central office of the Technomage Guild

On Feb 3, 2017, at 10:25 AM, Janina Sajka wrote:

> This has been a very good thread.
>
> I have one additional suggestion, which is to add something you
> personally know, but that could not be guessed very easily, nor exposed
> by a dictionary attack.
>
> I find alternative, non-standard phonetic spellings helpful this way.
> Even better are obscure, obsolete spellings of place names, people,
> objects, or concepts, particularly if the source language isn't English.
>
> On its own this strategy is insufficient, of course. But two or three
> such terms, plus the hashing described below, builds up a good password,
> imo.
>
> Of course, it's also important to employ available technology to thwart
> scripted attacks, e.g. with applications like denyhosts or fail2ban.
> Also, if you don't need to be open to access from the general public,
> move to IPv6 and shut down as much IPv4 access as possible. Anyone who
> has external access to any of my machines understands they need to come
> in via IPv6, because I'm not listening for connections on IPv4.
> Obviously, that doesn't work for mail or web traffic, but it's really
> helpful for sshd.
>
> PS: If we've not mentioned it, the pwgen command has many useful
> options.
>
> Janina
>
> Tim Chase writes:
>> I've used a technique that's come to be known as "password
>> haystacks" (see link below), which involves simply padding your
>> good (or even written, shoulder-surfable) password out to a reasonable
>> length to make the brute-force cracking all the more complex.
>>
>> So say my password is "correct horse battery staple". I might take
>> that and then add 8 periods at the end. Or 10 ampersands. Or
>> alternate dash-equals-dash-equals as many times as you want. Or
>> whatever secret character or characters you want and however many of
>> them you want. It's also particularly handy if you have to change
>> your password on a regular basis (I usually just change the haystack
>> characters).
>>
>> Alternatively, if you use a GUI and "keepassx" is accessible in your
>> screen reader, it allows you to generate strong passwords, keep them
>> safe behind one master password, keep them hidden from
>> shoulder-surfing eyes, and will auto-type them into the last window
>> you were in. This is the solution I use for most passwords (except
>> my master passwords, for which I use the haystack method).
>>
>> -tim
>>
>> https://www.grc.com/haystack.htm
>>
>> _______________________________________________
>> Blinux-list mailing list
>> Blinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/blinux-list
>
> --
>
> Janina Sajka, Phone: +1.443.300.2200
> sip:janina@xxxxxxxxxxxxxxxxxxxx
> Email: janina@xxxxxxxxxxx
>
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup: http://a11y.org
>
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Chair, Accessible Platform Architectures http://www.w3.org/wai/apa
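A worked example of the haystack padding Tim describes, added here and not code from the thread or from GRC: it estimates the exhaustive-search space a haystack-style calculator reasons about (alphabet size taken from the character classes present, candidates summed over every length up to the password's) for "correct horse battery staple" before and after padding. The class sizes, the rule that a space counts as a symbol, and the 1e12 guesses/s rate are assumptions of this example.

```python
import string

# Character-class sizes used by the usual haystack-style estimate (an
# assumption of this added example; the space character counts as a symbol).
CLASS_SIZES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation) | {" "}, 33),
)


def alphabet_size(password: str) -> int:
    """Alphabet an exhaustive search must assume, judged only by which
    character classes actually appear in the password."""
    return sum(size for chars, size in CLASS_SIZES if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Number of candidates of length 1..len(password) over that alphabet,
    i.e. how many guesses an exhaustive search makes at worst."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))


def haystack(password: str, pad: str, times: int) -> str:
    """Pad a password with a repeated secret character or pattern."""
    return password + pad * times


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to exhaust the space at a given guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    base = "correct horse battery staple"
    # Constructed cases: the bare passphrase and two of the pads from the thread.
    for pw in (base, haystack(base, ".", 8), haystack(base, "-=", 4)):
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"space {search_space(pw):.3e}, "
              f"{years_to_exhaust(pw, 1e12):.3e} years at 1e12 guesses/s")
```

The figure is the blind brute-force space only; cracking tools also apply mangling rules such as appending repeated characters, so a predictable pad buys less in practice than the raw ratio suggests.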