JP Vossen on 6 Apr 2017 12:07:05 -0700



Re: [PLUG] Password managers


On 04/06/2017 02:47 PM, Rich Freeman wrote:
> On Thu, Apr 6, 2017 at 2:23 PM, Steve Litt <slitt@troubleshooters.com> wrote:
>> On Wed, 05 Apr 2017 13:06:05 -0400
>> <jvoris@axs2000.net> wrote:
>>
>>> This may be a little off-subject
>>>
>>> I just had a discussion on the topic of passwords on another listserv,
>>> and this cartoon makes a valid point that Password Rules on a 10A
>>> password are just not as good as a plain 128 character password.
>>>
>>> https://xkcd.com/936/
>>
>> I'd hardly call "correct horse battery staple" easy to remember.
>> Probably not that hard to guess using a dictionary attack either.
>>
>
> The first bit seems somewhat subjective, but the second bit is quite
> straightforward to measure, and indeed the comic itself estimates
> it at 44 bits of entropy.
>
> Now, this is probably based on the size of the dictionary and the
> assumption that all words in that dictionary are equally likely to be
> selected.  If you're using a password generator to generate a single
> password and sticking with it that would be completely accurate.  If
> you're just guessing your own words or looking at a page of
> suggestions and picking the most memorable one, then it seems likely
> that the "real" dictionary is smaller.  I suspect somebody is much
> more likely to pick "horse" than "brusquely" - to pick something
> random from /usr/share/dict/

Speaking of the list of random words, here is my alias for that. I forget if I stole this off the web, wrote it myself or some combo, but:

(1 line)
alias randomwords='shuf -n102 /usr/share/dict/words | perl -ne '\''print qq(\u$_);'\'' | column'

It looks like:
/tmp$ randomwords
Beverly's	Jake's		Chillest	Willowy
Builder		Alto's		Buddies		Menkar
Empirical	Sorrow		Grassed		Percents
...

I use that for creating passwords I need to give to someone over the phone or something. "Builder Sorrow Grassed Percents" is a HELL of a lot easier to get across than "7^|s6n5I>9Srf7".

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
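
The thread's two points put together, as an added example that is not part of the original messages: the 44-bit style estimate holds only when every word is drawn uniformly by a generator, so this sketch draws the words itself and reports the bits for the filtered list actually used. The function names, the 3-8 letter filter and the default word-list path are assumptions; it needs GNU shuf.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the default
# word-list path are assumptions. Needs GNU shuf (-r, --random-source).

# Usable words: lowercase ASCII, 3-8 letters, de-duplicated. This drops
# possessives ("Jake's") and capitalised names that are awkward to dictate.
usable_words() {
    LC_ALL=C grep -E '^[a-z]{3,8}$' "${1:-/usr/share/dict/words}" | sort -u
}

# Bits of entropy for COUNT words drawn uniformly and independently:
# COUNT * log2(number of usable words). Usage: passphrase_bits COUNT [LIST]
passphrase_bits() (
    n=$(( $(usable_words "$2" | wc -l) ))
    [ "$n" -ge 2 ] || { echo "word list too small" >&2; exit 1; }
    awk -v n="$n" -v c="$1" 'BEGIN { printf "%.1f\n", c * log(n) / log(2) }'
)

# Draw COUNT words with replacement (-r) from the kernel RNG, so the
# estimate above holds only if the result is used as generated.
# Usage: passphrase COUNT [LIST]
passphrase() (
    usable_words "$2" |
        shuf -r -n "$1" --random-source=/dev/urandom |
        paste -sd ' ' -
)
```

Choosing the nicest words from a page of generated ones shrinks the effective dictionary, so the figure from passphrase_bits is then an upper bound rather than the real value.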