Re: Adduser utility to generate "random" passwds ?
Frank Bonnet wrote:
Hello
Is there a possibility to use as a standalone software
the adduser feature that generate "random" passwd.
I want to generate new "strong" password for existing users.
Thank you
Frank
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"[EMAIL PROTECTED]"
Another good choice for separate password generation is apg which is
also in the ports. What I like about apg is that it also provides a
basic phonic for each password you can generate that helps you to
remember your password. As you may already know, having completely
ambiguous random passwords isn't necessarily the best thing to use since
most users will tend to write them down on paper somewhere and defeat
the real purpose for generating good secure passwords in the first place.
Here is a small script that can generate these passwords via a web
interface which is quite nice. It does require that you have a ksh
shell however since it was written with this shell in mind.
#!/usr/local/bin/ksh93
PATH=/bin:/user/bin:/usr/local/bin:/; export PATH
umask 077
a=/tmp/apg.$RANDOM
b=/tmp/apg.$RAMDOM
cat << EOF
Content-type: text/html
Help generating a new password
Help generating a new password
These passwords should be reasonably safe.
Feel free to use one, or reload the page
for a new batch.
EOF
apg -q -m 4 -x 4 -M NC -E '[EMAIL PROTECTED]&*()\\' -n 10 > $a
apg -q -m 4 -x 4 -M S -E '[EMAIL PROTECTED]&*()\\' -n 10 > $b
# tr command is for bug workaround; apg is not supposed to
# include characters specified after -E option
paste $a $b |
tr 'l' 'L' |
awk '
BEGIN {
printf "Password\tRough guess at pronunciation\n"
}
{
printf "%s%s\t%s %s\n", $1, $3, $2, $4
}'
cat << EOF
EOF
rm $a $b
exit 0
This script is from the book BSD Hacks, enjoy!
Michael Lawver
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Adduser utility to generate "random" passwds ?
Ivan Voras wrote: > Frank Bonnet wrote: > >> I want to generate new "strong" password for existing users. > > Here's an idea: > > $ head -c 64 /dev/random | md5 | head -c 10 ... or, following the upthread discussion, a preferable alternative: > openssl rand -base64 6 This will generate a strong password of 8 characters[*] with 6 bits of entropy each (48 bits total), which is as strong as it gets. [*] literally: 6 random bytes encoded with base64 to 8 ASCII characters signature.asc Description: OpenPGP digital signature
Re: Adduser utility to generate "random" passwds ?
Kirk Strauser wrote: > On Monday 08 January 2007 5:26 am, Ivan Voras wrote: > >> Here's an idea: >> >> $ head -c 64 /dev/random | md5 | head -c 10 > > Hugely bad idea. Since md5 outputs hex, you're only getting 4 bits of > entropy per character. Yes, with 10 characters that's 5 bytes of practically pure random data, i.e. 40 bits. You're somewhat right: I don't know about pwgen but usually such utilities generate passwords from a set that looks like [0-9a-zA-Z-,], i.e. 6 bits per character. For a password of 8 characters, that's 48 bits, so 8 bits stronger than 10 hexadecimal characters. For equal entropy, 12 hex characters should be used. But hex characters are easier to remember :) signature.asc Description: OpenPGP digital signature
Re: Adduser utility to generate "random" passwds ?
On Monday 08 January 2007 5:26 am, Ivan Voras wrote: > Here's an idea: > > $ head -c 64 /dev/random | md5 | head -c 10 Hugely bad idea. Since md5 outputs hex, you're only getting 4 bits of entropy per character. Much better to use something like sysutils/pwgen to generate good random passwords. -- Kirk Strauser pgppuaGVN8vUP.pgp Description: PGP signature
Re: Adduser utility to generate "random" passwds ?
Sahil Tandon wrote: Frank Bonnet wrote: Is there a possibility to use as a standalone software the adduser feature that generate "random" passwd. I want to generate new "strong" password for existing users. /usr/sbin/pw usermod -w random thanks a lot :-) ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Adduser utility to generate "random" passwds ?
Frank Bonnet wrote: > I want to generate new "strong" password for existing users. Here's an idea: $ head -c 64 /dev/random | md5 | head -c 10 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Adduser utility to generate "random" passwds ?
Frank Bonnet wrote: Is there a possibility to use as a standalone software the adduser feature that generate "random" passwd. I want to generate new "strong" password for existing users. /usr/sbin/pw usermod -w random -- Sahil Tandon <[EMAIL PROTECTED]> ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Adduser utility to generate "random" passwds ?
Hello Is there a possibility to use as a standalone software the adduser feature that generate "random" passwd. I want to generate new "strong" password for existing users. Thank you Frank ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
