Re: generating random passwords

2008-06-11 Thread Baptiste Grenier
On 11/06/08 at 09:22, Zbigniew Szalbot wrote:
 Hello,

Hello,

 Excuse me my ignorance. Is there a utility in FreeBSD that would allow  
 me to generate random passwords without actually creating any accounts  
 or modifying existing ones? I am looking for something to allow me to  
 generate a random string of characters. I know I can randomly hit the  
 keyboard but if anything like that exists, many thanks for your advice. 
 :)

apg[1] could do the trick, it could generate different kinds of
passwords, either pronounceable or unpronounceable.

% apg -a1 -m64
jVMH8f]~[nZ\Bs2a-b*,gYPIYW0P?+I~A'd/,M(8B~w'i`siSn!5_B|NA1'hx
!e/599bdWH)oE8Y5=m]F6|jy6Iasa8`BytT/kyqP{_0WKIyu8j:@`!v,*a(DXWa
QJn%pSXAF\4y8gRyiCi]uc^/U+K|)bn!#mvrL]LA7f5!woo,jHBTM(9IUx+.'wS
3.7}7uo\XF9s0z;~6{n\MlV6*0EfHJOQZpNM~'Z4hsl#nZvnz(Q4{kjP(]Q.0)#R
8|;[EMAIL PROTECTED]'a(sT;+OMlpcYg%VI/%4Kg=J[EMAIL PROTECTED]/VVJ51
[EMAIL PROTECTED]67dgAf;dq)j,8[mL/ZjGURL=u9_zt~+:OXg$jDE{JnRx

% apg -a0 -m8
DykavWabjo
eyHeefVoc
Agdeikkeo
ivEncig1
ipfevDyod
MywranEn1

Ref:
[1] - http://www.freshports.org/security/apg/


 Best regards,

Regards,
Baptiste

-- 
Baptiste Grenier | PGP: 0x069112E2
HealthGrid SysAdmin
http://healthgrid.org/




Re: generating random passwords

2008-06-11 Thread Nikos Vassiliadis
On Wednesday 11 June 2008 10:20:30 Zbigniew Szalbot wrote:
 Excuse me my ignorance. Is there a utility in FreeBSD that would allow
 me to generate random passwords without actually creating any accounts
 or modifying existing ones? I am looking for something to allow me to
 generate a random string of characters. I know I can randomly hit the
 keyboard but if anything like that exists, many thanks for your advice.
 :)

That's a common problem I have, and most of the time I was relying
on BASH's $RANDOM. Just thought of this:
sed -n 's/[EMAIL PROTECTED]*()_+=-|\]//g; /^\(.\{10\}\).*/{ s//\1/p; q; }; b' /dev/urandom

HTH, Nikos
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: generating random passwords

2008-06-11 Thread Wojciech Puchar


Excuse me my ignorance. Is there a utility in FreeBSD that would allow me to 
generate random passwords without actually creating any accounts or modifying


example:

[EMAIL PROTECTED] ~]$ cat bin/genpwd
#!/bin/sh
dd if=/dev/urandom bs=8 count=1 2>/dev/null | hexdump | cut -b 9-12,14-17,19-22,24-27


Re: generating random passwords

2008-06-11 Thread N. Raghavendra
At 2008-06-11T09:20:30+02:00, Zbigniew Szalbot wrote:

 Is there a utility in FreeBSD that would allow me to generate random
 passwords without actually creating any accounts or modifying
 existing ones? I am looking for something to allow me to generate a
 random string of characters.

One way is to use the rand(1) command which comes with the base system
as a part of OpenSSL:

  [riemann:/usr/home/raghu]% openssl rand -base64 6
  1olqAkXG
  [riemann:/usr/home/raghu]% openssl rand -base64 9
  gO/9nTp5/SYa
  [riemann:/usr/home/raghu]% openssl rand -base64 6
  ib9SrIe2

Base64 encoding transforms every group of 3 octets to 4 encoded
characters, so `openssl rand -base64 3N' produces a string with 4N
encoded characters.  In case it is relevant, the generated strings are
made up of the 62 US-ASCII alphanumerical characters, `+', and `/'.

HTH,
Raghavendra.

-- 
N. Raghavendra [EMAIL PROTECTED] | http://www.retrotexts.net/
Harish-Chandra Research Institute   | http://www.mri.ernet.in/
See message headers for contact and OpenPGP information.
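
Added example, not part of the original message: the 3-octets-to-4-characters relation described above, used to produce a password of an exact length. The function names and the fallback to `base64` when `openssl` is not installed are assumptions of this example.

```shell
#!/bin/sh
# Added example: exact-length passwords from base64-encoded random bytes.
# Each base64 character carries 6 bits, so LEN characters need
# ceil(LEN * 6 / 8) random octets.

# Number of random octets needed for LEN base64 characters.
b64_bytes_for() {
    echo $(( ($1 * 6 + 7) / 8 ))
}

# Entropy in bits of a LEN-character string cut from base64 output.
b64_entropy_bits() {
    echo $(( $1 * 6 ))
}

# Print a LEN-character password drawn from [A-Za-z0-9+/].
genpw_b64() {
    len=$1
    # Reject empty, non-numeric, zero and zero-prefixed lengths.
    case $len in
        ''|*[!0-9]*|0*) echo "usage: genpw_b64 LENGTH" >&2; return 2 ;;
    esac
    nbytes=$(b64_bytes_for "$len")
    if command -v openssl >/dev/null 2>&1; then
        raw=$(openssl rand -base64 "$nbytes")
    else
        # Assumed fallback: kernel random device plus base64(1).
        raw=$(head -c "$nbytes" /dev/urandom | base64)
    fi
    # Long outputs are wrapped across lines and may end in '=' padding;
    # drop both, then cut to the requested length.
    printf '%s\n' "$raw" | tr -d '\n=' | cut -c "1-$len"
}
```

`genpw_b64 8` draws 6 octets and `genpw_b64 12` draws 9, matching the `openssl rand -base64 6` and `-base64 9` runs in the message.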



Re: generating random passwords

2008-06-11 Thread Roland Smith
On Wed, Jun 11, 2008 at 09:20:30AM +0200, Zbigniew Szalbot wrote:
 Hello,
 
 Excuse me my ignorance. Is there a utility in FreeBSD that would allow 
 me to generate random passwords without actually creating any accounts 
 or modifying existing ones? I am looking for something to allow me to 
 generate a random string of characters. I know I can randomly hit the 
 keyboard but if anything like that exists, many thanks for your advice. :)

Using FreeBSD's random device:
tcsh syntax:
( dd if=/dev/random bs=6 count=1 | openssl base64 > /dev/tty ) >& /dev/null

sh syntax:
dd if=/dev/random bs=6 count=1 2>/dev/null | openssl base64

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: generating random passwords

2008-06-11 Thread Bill Campbell
On Wed, Jun 11, 2008, Roland Smith wrote:
On Wed, Jun 11, 2008 at 09:20:30AM +0200, Zbigniew Szalbot wrote:
 Hello,
 
 Excuse me my ignorance. Is there a utility in FreeBSD that would allow 
 me to generate random passwords without actually creating any accounts 
 or modifying existing ones? I am looking for something to allow me to 
 generate a random string of characters. I know I can randomly hit the 
 keyboard but if anything like that exists, many thanks for your advice. :)

Using FreeBSD's random device:
tcsh syntax:
( dd if=/dev/random bs=6 count=1 | openssl base64 > /dev/tty ) >& /dev/null

sh syntax:
dd if=/dev/random bs=6 count=1 2>/dev/null | openssl base64

I much prefer apg which can generate more-or-less pronounceable
passwords which it is possible to remember (at least after typing
them a few times :-).

One of the biggest problems with random passwords is that they
end up written on yellow-stickies on the monitor or under the
keyboard.

Bill
-- 
INTERNET:   [EMAIL PROTECTED]  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:  (206) 236-1676  Mercer Island, WA 98040-0820
Fax:(206) 232-9186

With Congress, every time they make a joke it's a law; and every time
they make a law it's a joke.
-- Will Rogers


Re: generating random passwords

2008-06-11 Thread Wojciech Puchar


One of the biggest problems with random passwords is that they
end up written on yellow-stickies on the monitor or under the
keyboard.


there is no cure for that in FreeBSD. you need some non-computer hardware 
to stop that behaviour ;)



Re: generating random passwords

2008-06-11 Thread Andrew Berry

Zbigniew Szalbot wrote:

Hello,

Excuse me my ignorance. Is there a utility in FreeBSD that would allow 
me to generate random passwords without actually creating any accounts 
or modifying existing ones? I am looking for something to allow me to 
generate a random string of characters. I know I can randomly hit the 
keyboard but if anything like that exists, many thanks for your 
advice. :)


Best regards,

I've used pwgen from ports. It sounds similar to the other suggestions.

--Andrew


Re: generating random passwords

2008-06-11 Thread Jos Chrispijn

Bill Campbell wrote:

I much prefer apg which can generate more-or-less pronounceable
passwords which it is possible to remember (at least after typing
them a few times :-).
  
This is not supposed to be an offense to any author of a password 
generator, but:
Never, but never trust any random password generator. You do not know 
the author, you do not know the algorithm it uses and in worst case 
scenario you do not know if there is a millisecond traffic to somewhere 
that is recording the generated password.

One of the biggest problems with random passwords is that they
end up written on yellow-stickies on the monitor or under the
keyboard.
  
You don't need a generated password for that; it is common behaviour for 
people that aren't involved in any responsibility whatsoever.


Jos


Re: generating random passwords

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 11:35 AM, Bill Campbell wrote:


One of the biggest problems with random passwords is that they
end up written on yellow-stickies on the monitor or under the
keyboard.


I'm going to take this opportunity to preach. Everyone should be using  
a good password management system.  Otherwise people will use either  
weak passwords or will use passwords which are predictable from other  
passwords.  (That is using the same password or variants of the same  
password for many separate realms.)


I don't run FreeBSD on desktops so I haven't looked at the various  
tools available.  On OS X, I use 1password which makes excellent use  
of the OS X Keychain system, and has terrific web browser integration.   
I'm fairly sure that the Apple Keychain libraries have been or can be  
ported to FreeBSD, but it might require GnuStep.


On Windows I recommend Password Safe.  In ports, sysutils/pwsafe  
provides a CLI utility that can manage Password Safe data.  And  
security/gorilla provides a tcl/tk GUI for pwsafe.  I've used both on  
OS X, and they work fine, but I much prefer 1password in that  
environment.


I've never looked at things like kwallet or other Unixish password  
management systems.  But once again, I recommend that everyone use a  
proper password management system.


-j


--
Jeffrey Goldberg  http://www.goldmark.org/jeff/



Re: generating random passwords

2008-06-11 Thread Andrew Berry

Jeffrey Goldberg wrote:

I don't run FreeBSD on desktops so I haven't looked at the various tools 
available.  On OS X, I use 1password which makes excellent use of the OS 
X Keychain system, and has terrific web browser integration.  I'm fairly 
sure that the Apple Keychain libraries have been or can be ported to 
FreeBSD, but it might require GnuStep.


Any idea what the name of the project for the Security framework is? I 
can't seem to find anything on Google. I'd love to be able to access 
keychains from OS X on other platforms, without resorting to dumping 
everything to plaintext.


--Andrew




Re: generating random passwords

2008-06-11 Thread RW
On Wed, 11 Jun 2008 14:53:56 -0400
Andrew Berry [EMAIL PROTECTED] wrote:

 Zbigniew Szalbot wrote:
  Hello,
 
  Excuse me my ignorance. Is there a utility in FreeBSD that would
  allow me to generate random passwords without actually creating any
  accounts or modifying existing ones? I am looking for something to
  allow me to generate a random string of characters. I know I can
  randomly hit the keyboard but if anything like that exists, many
  thanks for your advice. :)
 
  Best regards,
 I've used pwgen from ports. It sounds similar to the other
 suggestions.

There are actually two versions of this in ports: sysutils/pwgen and
sysutils/pwgen2. The latter is an independent rewrite rather than a
version 2, and seems to be much more secure. 

The problem with pwgen is that its PRNG is very weakly seeded, making
it vulnerable to simple brute-force attacks. As most of the entropy
comes from the time (in *integer* seconds), it's particularly weak if an
attacker knows roughly when the password was generated. An attacker with
local access may even be able to compute the passwords directly. 

pwgen2 gets random numbers directly from /dev/random, which is how
it should be. 

IMO pwgen should be removed from the ports tree, or failing that should
be patched to use arc4random(), which is self-seeding. I don't really
see the point in keeping it though.
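
Added example, not part of the original message and not pwgen's code: a constructed toy generator (`toy_pw`, hypothetical) seeded only from a time in whole seconds, next to the seed-space arithmetic behind the weakness described above. The timestamp used with it and the one-hour window are constructed values.

```shell
#!/bin/sh
# Added example: why a clock-seeded generator is weak.
# toy_pw is a constructed stand-in (NOT pwgen's code): a Park-Miller
# generator whose only seed is a time in integer seconds.

CHARSET=abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789

# Print a LEN-character password fully determined by SEED.
toy_pw() {
    awk -v seed="$1" -v len="$2" -v cs="$CHARSET" 'BEGIN {
        s = seed % 2147483647; if (s == 0) s = 1
        for (i = 0; i < len; i++) {
            s = (s * 16807) % 2147483647
            out = out substr(cs, (s % 62) + 1, 1)
        }
        print out
    }'
}

# Bits of uncertainty left when the generation time is known to within
# WINDOW seconds: log2(WINDOW), rounded up.
seed_bits() {
    awk -v w="$1" 'BEGIN { b = 0; while (2 ^ b < w) b++; print b }'
}

# Bits in a LEN-character password drawn uniformly from 62 symbols,
# rounded down.
uniform_bits() {
    awk -v n="$1" 'BEGIN { print int(n * log(62) / log(2)) }'
}

# Same alphabet, but every character comes from the kernel random
# device; tr discards bytes outside the set, so there is no modulo bias.
urandom_pw() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"; echo
}
```

Two calls of `toy_pw 1213168830 8` return the same string, and `seed_bits 3600` gives 12 against `uniform_bits 8` giving 47: the password looks like 8 random characters but carries no more uncertainty than the clock reading.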




Re: generating random passwords

2008-06-11 Thread Frank Shute
On Wed, Jun 11, 2008 at 02:53:56PM -0400, Andrew Berry wrote:

 Zbigniew Szalbot wrote:

 Hello,
 
 Excuse me my ignorance. Is there a utility in FreeBSD that would allow 
 me to generate random passwords without actually creating any accounts 
 or modifying existing ones? I am looking for something to allow me to 
 generate a random string of characters. I know I can randomly hit the 
 keyboard but if anything like that exists, many thanks for your 
 advice. :)
 
 Best regards,

 I've used pwgen from ports. It sounds similar to the other suggestions.
 

I like sysutils/pwgen too.

In its default state it will give a screenful of semi-pronounceable
passwords from which you pick one. 

It can also be used in a shell script to generate single passwords.

Having the password semi-pronounceable avoids the sticky-note problem
to a large extent as they're easy to learn.

Can also generate gibberish, if that's your choice. Widely tunable.

For password containment i.e. all my online passwords, I use a shell
script with gpg and a strong password.

So in theory, I only have to remember my user login and the password
for gpg. In practice, I remember a few more that I use regularly.

Regards,

-- 

 Frank 


 Contact info: http://www.shute.org.uk/misc/contact.html 



Re: generating random passwords

2008-06-11 Thread Jeffrey Goldberg

On Jun 11, 2008, at 7:46 PM, Andrew Berry wrote:

Any idea what the name of the project for the Security framework is?  
I can't seem to find anything on Google. I'd love to be able to  
access keychains from OS X on other platforms, without resorting to  
dumping everything to plaintext.


This looks like a good place to start.

 http://developer.apple.com/opensource/security/index.html

I, too, would like my OS X Keychains to be portable.

Cheers,

-j



Re: generating random passwords

2008-06-11 Thread Frank Shute
On Thu, Jun 12, 2008 at 02:17:59AM +0100, RW wrote:

 On Wed, 11 Jun 2008 14:53:56 -0400
 Andrew Berry [EMAIL PROTECTED] wrote:
 
  Zbigniew Szalbot wrote:
   Hello,
  
   Excuse me my ignorance. Is there a utility in FreeBSD that would
   allow me to generate random passwords without actually creating any
   accounts or modifying existing ones? I am looking for something to
   allow me to generate a random string of characters. I know I can
   randomly hit the keyboard but if anything like that exists, many
   thanks for your advice. :)
  
   Best regards,
  I've used pwgen from ports. It sounds similar to the other
  suggestions.
 
 There are actually two versions of this in ports: sysutils/pwgen and
 sysutils/pwgen2. The latter is an independent rewrite rather than a
 version 2, and seems to be much more secure. 
 
 The problem with pwgen is that its PRNG is very weakly seeded, making
 it vulnerable to simple brute-force attacks. As most of the entropy
 comes from the time (in *integer* seconds), it's particularly weak if an
 attacker knows roughly when the password was generated. An attacker with
 local access may even be able to compute the passwords directly. 

Thanks for the heads-up.

 
 pwgen2 gets random numbers directly from /dev/random, which is how
 it should be. 
 
 IMO pwgen should be removed from the ports tree, or failing that should
 be patched to use arc4random(), which is self-seeding. I don't really
 see the point in keeping it though.

It would be nice if it could be patched and a portaudit warning issued
for it so users could update.

The patching would be beyond me unfortunately...or fortunately, as I
would likely make it *really* insecure ;)

Regards,

-- 

 Frank 


 Contact info: http://www.shute.org.uk/misc/contact.html 



RE: generating random passwords

2008-06-11 Thread Ted Mittelstaedt


 -----Original Message-----
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Jos Chrispijn
 Sent: Wednesday, June 11, 2008 12:29 PM
 To: freebsd-questions@freebsd.org
 Subject: Re: generating random passwords
 
 
 Bill Campbell wrote:
  I much prefer apg which can generate more-or-less pronounceable
  passwords which it is possible to remember (at least after typing
  them a few times :-).

 This is not supposed to be an offense to any author of a password 
 generator, but:
 Never, but never trust any random password generator. You do not know 
 the author, you do not know the algorithm it uses and in worst case 
 scenario you do not know if there is a millisecond traffic to somewhere 
 that is recording the generated password.

This issue is very easily solved with open source code, as you
can simply read the code before running it.  That is one of the
reasons that most crypto implementations that people trust
to actually keep things private are open source.

  One of the biggest problems with random passwords is that they
  end up written on yellow-stickies on the monitor or under the
  keyboard.

 You don't need a generated password for that; it is common behaviour for 
 people that aren't involved in any responsibility whatsoever.
 

Such as people who don't read the source for any password generator
before running it?

Ted