On Fri, Sep 01, 2017 at 08:46:33PM +0100, Brian wrote:
> On Fri 01 Sep 2017 at 09:58:19 -0500, Mario Castelán Castro wrote:
>
> > On 22/08/17 10:04, Mario Castelán Castro wrote:
> > > I have the following line in my Bash init file:
> > >
> > > “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 &&
> > > echo"”
> > >
> > > This generates a password with just above 128 bits of entropy. You may
> > > find it useful.
> >
> > A slight simplification:
> >
> > alias gen-password="head -c 16 /dev/urandom | base64 | cut -c -22"
>
> I too would like to adjust some of my arguments to meet the many good
> points which have been raised in this thread. Here is a password
>
>   F!Vz5s19WuXa61PaA"+5
>
> for my bank. Where does the password come from? It doesn't matter. Let
> us say I wrote it down as I sat and watched TV. It is not a result of
> what is above. Is this going to be guessed in any reasonable time by
> being attacked online? I would say not. It actually fulfills all the
> conditions that many banking sites advise. Numerals, upper and lower
> case letters and symbols and no dictionary words. Plus it has length. A
> star example, in other words.
>
> Unbeknownst to me (and totally outside my area of responsibility) the
> bank's database is seriously compromised; an attack on its structure (or
> a disgruntled employee) leads to the hashed passwords being leaked.
>
> How safe is the password above?

Once you've published a so-called password, its security value approaches
something much closer to "none" than whatever value it used to have -
even if it is some fancy hash.

Good luck,
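
The gen-password pipeline quoted above, as an added example that is not part of the thread: it checks that the 22 characters left after cutting the "==" padding still decode to the 16 bytes (128 bits) read from /dev/urandom. The function names are hypothetical, and `base64 -d` assumes a GNU coreutils or BusyBox `base64`.

```shell
#!/bin/sh
# Same pipeline as the quoted alias, written as a function.
gen_password() {
    head -c 16 /dev/urandom | base64 | cut -c -22
}

# Count the raw bytes encoded in a 22-character password.
# base64 of 16 bytes is 24 characters ending in "=="; cut removed only
# that padding, so re-appending it gives valid base64 again.
password_bytes() {
    printf '%s==\n' "$1" | base64 -d | wc -c | tr -d ' '
}

# The 22nd character holds the last 2 input bits followed by 4 zero
# padding bits, so it can only be A, Q, g or w. The 22 characters
# therefore carry 21*6 + 2 = 128 bits, not 22*6 = 132.
last_char_ok() {
    case "$1" in
        *[AQgw]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Generate N passwords and verify length, decoded size and last
# character for each one. Returns non-zero on the first failure.
check_samples() {
    n=$1
    i=0
    while [ "$i" -lt "$n" ]; do
        p=$(gen_password)
        [ "${#p}" -eq 22 ] || return 1
        [ "$(password_bytes "$p")" -eq 16 ] || return 1
        last_char_ok "$p" || return 1
        i=$((i + 1))
    done
    return 0
}

# Stand-alone run: report whether 50 samples pass every check.
if check_samples 50; then
    echo "all samples: 22 chars, 16 bytes decoded"
else
    echo "check failed" >&2
fi
```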

