Amos Shapira <[email protected]> writes:
> On 16 March 2010 18:18, Josh Smith <[email protected]> wrote:
[...]
>> I plan to use this for work for the (DRN) I have run out of things to
>> put as my password and I am not allowed to have the same password twice
>
> I use pwgen to generate my passwords and a password vault to keep them
> as a backup.
I advise 'apg', which is packaged for most distributions. While it has some
theoretical weaknesses[1], it is sufficiently strong that it should beat any
non-targeted attack.
The advantage of it, though, is that it generates passwords that follow the
same basic rules of structure that English words do, so they are remarkably
easy to memorise and use in practice.[2]
[...]
> 2. Split the loop to three - one which picks a first letter from the
> uppercase-only string, one which picks 5 characters from LORD and one
> which picks 2 characters from the digits-only string.
Ideally, you would want to rewrite this as a function which takes a candidate
set of characters, picks a random character from it, then returns that. Then
you could make it easy to template your passwords to whatever length and
complexity you need.
Regards,
Daniel
Footnotes:
[1] It uses a generation model that doesn't produce perfectly random results,
by selecting from the pool of valid results. This introduces imbalances
in the generated parts-of-speech in the passwords, allowing you to
substantially reduce the search space over a fully random password
generator.
If you are concerned, and care more about probably-theoretical security,
then there is a Perl implementation of the same idea which uses a
fully-random password generator, and then tests the generated password
for compliance to the parts-of-speech model.
That removes the bias, and is as theoretically secure as a fully random
password when the same number of bits of entropy are included.
Obviously, the use of filtering means fewer bits per character. :)
[2] Every time I tell someone this, they don't believe me, because it doesn't
look easy to memorise. In practice, they never fail to be amazed how
well they did committing it to memory after the fact.
--
✣ Daniel Pittman ✉ [email protected] ☎ +61 401 155 707
♽ made with 100 percent post-consumer electrons
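The two designs discussed above, as an added example that is not part of the original post and is neither apg nor the script the thread was reviewing: a `pick(charset)` function driving a positional template (one uppercase letter, five from the letters-or-digits pool, two digits), and beside it the rejection-sampled variant from footnote [1], which draws every character uniformly and discards candidates that fail the policy. The pool names (`UPPER`, `DIGITS`, `LORD` read as letters-or-digits) and the policy in `policy_ok` are assumptions made for the example; the entropy figures are computed, not quoted from the thread.

```python
"""Template-driven password generation vs. uniform draw plus filtering.
Added example; character classes below are assumptions, not apg's model."""
import math
import secrets
import string

UPPER = string.ascii_uppercase
DIGITS = string.digits
LORD = string.ascii_letters + string.digits   # assumed meaning: letters OR digits


def pick(charset: str) -> str:
    """Return one character chosen uniformly from charset.

    secrets.choice draws from the OS CSPRNG and selects without modulo bias;
    random.choice (Mersenne Twister) is not suitable for passwords."""
    if not charset:
        raise ValueError("empty character set")
    return secrets.choice(charset)


def generate(template) -> str:
    """template: list of (charset, count) pairs, e.g. [(UPPER, 1), (LORD, 5), (DIGITS, 2)].
    Each position is an independent uniform draw from its own class."""
    return "".join(pick(cs) for cs, n in template for _ in range(n))


def template_bits(template) -> float:
    """Entropy of a template: sum over positions of log2(class size)."""
    return sum(n * math.log2(len(set(cs))) for cs, n in template)


def matches(password: str, template) -> bool:
    """True if password has exactly the template's length and each position
    is drawn from the class the template assigns to it."""
    classes = [cs for cs, n in template for _ in range(n)]
    return len(password) == len(classes) and all(
        c in cs for c, cs in zip(password, classes))


# --- filtered variant (footnote [1]): draw uniformly, then reject ----------
def policy_ok(password: str) -> bool:
    """Constructed policy: at least one uppercase letter and at least one
    digit, anywhere in the string (positions are not fixed)."""
    return (any(c in UPPER for c in password)
            and any(c in DIGITS for c in password))


def generate_filtered(length: int, charset: str = LORD, max_tries: int = 1000) -> str:
    """Draw charset**length uniformly and retry until policy_ok holds.
    Every accepted string is equally likely, so filtering adds no structural
    bias, but entropy drops to log2(number of accepted strings)."""
    for _ in range(max_tries):
        candidate = "".join(pick(charset) for _ in range(length))
        if policy_ok(candidate):
            return candidate
    raise RuntimeError("policy rejected every candidate")


def filtered_count(length: int, charset: str = LORD) -> int:
    """Number of length-n strings over charset that satisfy policy_ok, by
    inclusion-exclusion: all - (no uppercase) - (no digit) + (neither).
    Assumes charset contains no duplicate characters."""
    no_upper = sum(c not in UPPER for c in charset)
    no_digit = sum(c not in DIGITS for c in charset)
    neither = sum(c not in UPPER and c not in DIGITS for c in charset)
    return (len(charset) ** length - no_upper ** length
            - no_digit ** length + neither ** length)


def filtered_bits(length: int, charset: str = LORD) -> float:
    """Entropy of the filtered generator for a given length."""
    return math.log2(filtered_count(length, charset))


if __name__ == "__main__":
    thread_template = [(UPPER, 1), (LORD, 5), (DIGITS, 2)]
    pw = generate(thread_template)
    print(pw, matches(pw, thread_template), f"{template_bits(thread_template):.1f} bits")
    print(generate_filtered(8), f"{filtered_bits(8):.1f} bits "
          f"(unfiltered 8 chars: {8 * math.log2(62):.1f})")
```

Running this shows the trade-off the footnote alludes to in numbers: the positional template yields about 41.1 bits for eight characters, while the filtered draw over the same pool keeps about 47.2 of the 47.6 bits an unfiltered eight-character string would have, because the policy only rejects roughly a quarter of candidates and fixes no positions. The same `pick` helper serves both, so swapping templates or policies is a one-line change.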
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html