JP Vossen on 6 Apr 2017 12:07:05 -0700
Re: [PLUG] Password managers

On 04/06/2017 02:47 PM, Rich Freeman wrote:
> On Thu, Apr 6, 2017 at 2:23 PM, Steve Litt <slitt@troubleshooters.com> wrote:
>> On Wed, 05 Apr 2017 13:06:05 -0400 <jvoris@axs2000.net> wrote:
>>> This may be a little off-subject. I just had a discussion on the topic of passwords on another listserv, and this cartoon makes a valid point that Password Rules on a 10A password are just not as good as a plain 128 character password.
>>> https://xkcd.com/936/
>>
>> I'd hardly call "correct horse battery staple" easy to remember. Probably not that hard to guess using a dictionary attack either.
>
> The first bit seems somewhat subjective, but the second bit is quite straightforward to measure, and indeed the comic itself estimates it at 44 bits of entropy. Now, this is probably based on the size of the dictionary and the assumption that all words in that dictionary are equally likely to be selected. If you're using a password generator to generate a single password and sticking with it, that would be completely accurate. If you're just guessing your own words or looking at a page of suggestions and picking the most memorable one, then it seems likely that the "real" dictionary is smaller. I suspect somebody is much more likely to pick "horse" than "brusquely" - to pick something random from /usr/share/dict/

Speaking of the list of random words, here is my alias for that. I forget if I stole this off the web, wrote it myself or some combo, but:

alias randomwords='shuf -n102 /usr/share/dict/words | perl -ne '\''print qq(\u$_);'\'' | column'

It looks like:

/tmp$ randomwords
Beverly's Jake's Chillest Willowy Builder Alto's Buddies Menkar Empirical Sorrow Grassed Percents
...

I use that for creating passwords I need to give to someone over the phone or something. "Builder Sorrow Grassed Percents" is a HELL of a lot easier to get across than "7^|s6n5I>9Srf7".

Later,
JP
--
-------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
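
The entropy argument quoted in this message, worked through as an added example (not code from the thread or its participants): it compares a uniform draw of four words with a skewed, human-style pick, and includes a generator that draws uniformly from the OS CSPRNG. The 2048-word list size is inferred from 44 bits over four words, and the bias model (128 favoured words chosen 31 times as often) is a constructed assumption, not measured data.

```python
import math
import secrets


def uniform_bits(dict_size, num_words):
    """Entropy in bits when each word is drawn uniformly and independently."""
    return num_words * math.log2(dict_size)


def per_word_entropy(weights):
    """Return (shannon_bits, min_entropy_bits) for one word drawn with the
    given relative weights. Min-entropy bounds an attacker who tries the
    most likely words first, so it is the conservative figure."""
    total = sum(weights)
    probs = [w / total for w in weights if w > 0]
    shannon = -sum(p * math.log2(p) for p in probs)
    min_entropy = -math.log2(max(probs))
    return shannon, min_entropy


def biased_weights(dict_size=2048, favoured=128, bias=31):
    """Constructed model of a human chooser (assumption): `favoured`
    memorable words are picked `bias` times as often as every other word."""
    return [bias] * favoured + [1] * (dict_size - favoured)


def generate(words, num_words=4):
    """Draw words uniformly, with replacement, using the OS CSPRNG.
    Duplicates are removed first so no word is over-represented."""
    pool = sorted(set(w.strip() for w in words if w.strip()))
    return " ".join(secrets.choice(pool).capitalize() for _ in range(num_words))


if __name__ == "__main__":
    n = 4
    print(f"uniform draw, 2048 words x {n}: {uniform_bits(2048, n):.1f} bits")
    shannon, min_ent = per_word_entropy(biased_weights())
    print(f"biased pick, Shannon:     {n * shannon:.1f} bits")
    print(f"biased pick, min-entropy: {n * min_ent:.1f} bits")
    # Constructed sample list; a real run would read a word file instead.
    sample = ["builder", "sorrow", "grassed", "percents", "willowy", "empirical"]
    print("example passphrase:", generate(sample, n))
```
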