hmmm. I wonder if that python script will work on my OS X lion macbook here. could make for an interesting test.

-eric from the central office of the Technomage Guild

On Feb 3, 2017, at 1:39 PM, Tim Chase wrote:

> If you want a password generator that can produce fairly strong
> "XKCD" passwords, I created one a while back
>
> https://gist.github.com/Gumnos/fceaf405b0ffd8bfd325
>
> It's a single Python file that lets you choose how many words you
> want, the min/max length of those words, how many passwords to
> generate, which dictionary you want to use (I occasionally point it
> at the "upgoer five" dictionary for less obscure words), as well as
> generation of statistics on how long it would take to brute-force the
> password. So it lets me do things like
>
> # generate 5 passwords
> passwordgen.py -c 5
>
> # generate 8 5-word passwords
> # where the words are 3-10 characters long
> passwordgen.py -c 8 -n 5 --min=3 --max=10
>
> # use my local upgoer_five dictionary
> passwordgen.py -d /usr/share/dict/upgoer_five
>
> # show stats on how long it would take to crack
> # any of these 8 passwords if a system can try
> # 10000000 passwords every second
> passwordgen.py -c 8 -g 10000000 -v
>
> There's also optional functionality for skipping words from a
> word-list (optionally ROT-13 encoded) in case you don't want it to
> generate profane words.
>
> I like the output because not only is it much easier to type, but it's
> much easier to convey over the phone "your password is 'sick book mine
> shadow knock'" as opposed to "your password is 'capital Juliet,
> lowercase Whiskey, lowercase Bravo, ampersand, the number three,
> capital Delta, equals-sign, ...'"
>
> Have fun with it! (grins)
>
> -tim
>
>
> On February 3, 2017, Janina Sajka wrote:
>> This has been a very good thread.
>>
>> I have one additional suggestion which is to add something you
>> personally know, but that could not be guessed very easily, nor
>> exposed by a dictionary attack.
>>
>> I find alternative, non-standard phonetic spellings helpful this
>> way. Even better are obscure, obsolete spellings of place names,
>> people, objects, or concepts, particularly
>> if the source language isn't English.
>>
>> On its own this strategy is insufficient, of course. But two or
>> three such terms, plus the hashing described below, builds up a
>> good password, imo.
>>
>> Of course, it's also important to employ available technology to
>> thwart scripted attacks, e.g. with applications like denyhosts or
>> fail2ban. Also, if you don't need to be open to access from the
>> general public, move to IPv6 and shut down as much IPv4 access as
>> possible. Anyone who has external access to any of my machines
>> understands they need to come in via IPv6, because I'm not
>> listening for connections on IPv4. Obviously, that doesn't work for
>> mail or web traffic, but it's really helpful for sshd.
>>
>> PS: If we've not mentioned it, the pwgen command has many useful
>> options.
>>
>> Janina
>>
>> Tim Chase writes:
>>> I've used a technique that's come to be known as "password
>>> haystacks" (see link below) which involves simply padding your
>>> good (or even written shoulder-surfable) password out to a
>>> reasonable length to make the brute-force cracking all the more
>>> complex.
>>>
>>> So say my password is "correct horse battery staple". I might
>>> take that and then add 8 periods at the end. Or 10 ampersands. Or
>>> alternate dash-equals-dash-equals as many times as you want. Or
>>> whatever secret character or characters you want and however many
>>> of them you want. It's also particularly handy if you have to
>>> change your password on a regular basis (I usually just change
>>> the haystack characters).
>>>
>>> Alternatively, if you use a GUI and "keepassx" is accessible in
>>> your screen-reader, it allows you to generate strong passwords,
>>> keep them safe behind one master password, keep them hidden from
>>> shoulder-surfing eyes, and will auto-type them into the last
>>> window you were in. This is the solution I use for most
>>> passwords (except my master passwords, for which I use the
>>> haystack method).
>>>
>>> -tim
>>>
>>> https://www.grc.com/haystack.htm
>>>
>>> _______________________________________________
>>> Blinux-list mailing list
>>> Blinux-list@xxxxxxxxxx
>>> https://www.redhat.com/mailman/listinfo/blinux-list
>>
>> --
>>
>> Janina Sajka, Phone: +1.443.300.2200
>> sip:janina@xxxxxxxxxxxxxxxxxxxx
>> Email: janina@xxxxxxxxxxx
>>
>> Linux Foundation Fellow
>> Executive Chair, Accessibility Workgroup: http://a11y.org
>>
>> The World Wide Web Consortium (W3C), Web Accessibility Initiative
>> (WAI) Chair, Accessible Platform Architectures
>> http://www.w3.org/wai/apa
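The thread describes what an XKCD-style generator needs: a word list filtered by min/max length, an optional skip list for words you never want emitted, a given number of words per passphrase, and a statistic for how long an attacker trying N guesses per second would need in the worst case. The following is an added illustration written for this page; it is not Tim's gist, pwgen, or any other script named above. The word list is a constructed stand-in for a dictionary file such as /usr/share/dict/words (a real run needs thousands of words), and all function names are the author's own. The crack-time figure assumes the attacker already knows the dictionary and the word count, so the only secret is which words were drawn; that is the conservative assumption a defender should make when judging a scheme.

```python
import math
import secrets

# Constructed stand-in for a dictionary file such as /usr/share/dict/words.
# A real run should load thousands of words; this list only exercises the code.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "sick", "book", "mine",
    "shadow", "knock", "a", "io", "extraordinarily", "Horse",
]


def load_words(raw_words, min_len=3, max_len=10, skip_words=()):
    """Normalise and filter candidate words.

    Keeps purely alphabetic words whose length lies in [min_len, max_len],
    lower-cases them, drops duplicates, and drops anything in skip_words
    (the role of the profanity skip list mentioned in the thread).
    """
    skip = {w.strip().lower() for w in skip_words}
    seen = set()
    kept = []
    for word in raw_words:
        word = word.strip().lower()
        if not word.isalpha():
            continue
        if not min_len <= len(word) <= max_len:
            continue
        if word in seen or word in skip:
            continue
        seen.add(word)
        kept.append(word)
    return kept


def generate_passphrase(words, n_words=4, rng=secrets):
    """Draw n_words uniformly at random (with replacement) from words.

    rng must provide a choice() method. The secrets module is the right
    default: random.choice() is seeded predictably and unsuitable for
    anything used as a credential.
    """
    if not words:
        raise ValueError("empty word list")
    return " ".join(rng.choice(words) for _ in range(n_words))


def entropy_bits(dict_size, n_words):
    """Entropy of an n_words passphrase drawn uniformly from dict_size words."""
    return n_words * math.log2(dict_size)


def brute_force_seconds(dict_size, n_words, guesses_per_second):
    """Worst-case time to enumerate every passphrase of this shape.

    Assumes the attacker knows the word list and the number of words, so
    there are exactly dict_size ** n_words candidates to try.
    """
    return dict_size ** n_words / guesses_per_second


def human_duration(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    units = [("years", 365 * 86400), ("days", 86400),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.3g} seconds"


def strength_report(words, n_words, guesses_per_second):
    """Statistics in the spirit of the -g/-v output described in the thread."""
    size = len(words)
    return {
        "dictionary_size": size,
        "words_per_passphrase": n_words,
        "entropy_bits": entropy_bits(size, n_words),
        "worst_case_crack": human_duration(
            brute_force_seconds(size, n_words, guesses_per_second)),
    }


if __name__ == "__main__":
    # Mirrors "passwordgen.py -c 3 -n 4 --min=3 --max=10 -g 10000000 -v"
    # in spirit; the numbers here are tiny because the word list is.
    words = load_words(SAMPLE_WORDS, min_len=3, max_len=10, skip_words=["sick"])
    for _ in range(3):
        print(generate_passphrase(words, n_words=4))
    print(strength_report(words, n_words=4, guesses_per_second=10_000_000))
```

Note that the entropy depends only on the dictionary size and the word count, not on how long the words are; the min/max length filter is a usability control (words you can type and read over the phone), and shrinking the dictionary with it lowers the entropy per word, which the report makes visible.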