FAQ: How can I generate good strong passwords?

Q: How can I generate good strong passwords?

A:

  • Password Safe* (NOT ) Originally created by noted cryptographer Bruce Schneier of Counterpane Labs, it's open source and free, and has been subjected to extensive peer review.

  • Diceware passphrase A good way to create a strong, yet easy to remember passphrase. See also

See also:

Reply to
John Navas
Loading thread data ...

An easier option is to go here:

formatting link

Reply to
Doz

Really bad idea. For example, see .

Reply to
John Navas

OK, you seem to like slinging mud at Gibson for some reason but your link says nothing about the subject which is passwords. Please elaborate on how GRCs *password* generator is flawed.

Reply to
George

It's sufficient to note that Steve Gibson has been discredited numerous times. Trusting his password generator is like hiring a repeat crook as a guard.

Reply to
John Navas

I would still add a sentence like. " Although primarily a program for storing passwords safely, this also contains a password generation utility which makes the strongest password consistant with the various restriction you place. By placing inappropriate restrictions you can still make a weak password with this program."

Reply to
Unruh

or

formatting link
for the bigger picture of k00k Gibson

Reply to
Sebastian Gottschalk

Although I completely agree, that web page says nothing about the password generator. However using a password generator controlled by someone else is always a bad idea. and even more so here. HOw do you know he does not keep a list of the IP address and the "random string" for each caller. How do you know that the "random string" is not simply the IP address together with an incremented counter run through a hash? And with the first 6 characters that number? You do not.

Reply to
Unruh

Though its worth bearing in mind that there are different opinions, and the internet is a great tool for spreading FUD about all sorts of things.

Whether you like Gibson or not, and whether some of his ideas are wrong or not, the at least of whats on grc.com is perfectly accurate. Don't fall for any hype, either way. Make up your own mind. Mark McIntyre

Reply to
Mark McIntyre

Gibson's work is FUD

Neither is is accurate nor correct nor does Gibson have any clue about it.

Reply to
Sebastian Gottschalk
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Sorry, but it's not, as the link above makes amply clear.

Sure. Just be sure to do your homework, thoroughly, before doing so.

Reply to
John Navas

I rest my case. Anyone can say anything on the internet, with little fear of contradiction, you included.

Your opinion is worth precisely as much as you consider Gibson's to be. From that you may infer what you will. Mark McIntyre

Reply to
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Defending Steve Gibson is a bit like defending Hwang Woo-suk. No offense intended.

Reply to
John Navas

And you are the one who winds up in the kill file!

Reply to
... -.-

I love the way people say the most offensive things on Usenet and think that saying "No offense intended" takes them off the hook.

Steve Gibson has been right about a lot of things, and way overboard about all of them.

Reply to
Derek Broughton

I have no idea what this sentence means. What is an "at least of whats"? However if you are implying that using his system to generate a password for you is safe and secure, then what is on his page is far from accurate. It is highly insecure, and is close to the dumbest thing you can do. (Maybe posting your password on your blog is worse, but I am not sure).

Reply to
Unruh

Really? Specific examples please. I promise to match you at least 1:1 with things he's been dead wrong about.

Reply to
John Navas

I'm not going to play that game - so much of what he talks about is either of no interest or completely irrelevant to me, so it could be bogus and I wouldn't know. For a fact - he was right about all the ports and services the old Windows versions used to open up.

And I love the way you snip the part of that sentence that was a little bit supportive of your position. At least you gave me an ellipsis to admit I was being quoted out of context.

Reply to
Derek Broughton

Nonsense.

There is an ellipsis, and there wasn't any quoting out of context.

Reply to
John Navas

"That's not an argument, that's a contradiction."

So much for any constructive discussion.

Reply to
Derek Broughton

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.