FAQ: How can I generate good strong passwords?

Q: How can I generate good strong passwords?

A: Password Safe* Originally created by noted cryptographer Bruce Schneier of Counterpane Labs, it's open source and free, and has been subjected to extensive peer review.

Reply to
John Navas

??? As I read it, it is not for generating passwords. It is for keeping a whole bunch of passwords safe and accessible for when you need them.

If you want to generate "good strong passwords":

    dd if=/dev/urandom bs=128 count=1 | uuencode /dev/stdout

and take a string of 20 or more characters from the second line to use as your password.

Of course you will never remember it. So you will need passwordsafe.

Reply to
Unruh
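The approach in the post above, as an added Python example that is not part of the original thread: it draws characters from the kernel CSPRNG through os.urandom, computes the entropy of the result, and shows that a full uuencode data line starts with a fixed length character ('M' for 45 bytes), so that character should be skipped when cutting a password from the line. The function names and the 62-symbol alphabet are assumptions made for the example.

```python
import binascii
import math
import os
import string

# Assumed alphabet for the example: upper case, lower case and digits (62 symbols).
ALNUM = string.ascii_letters + string.digits


def entropy_bits(alphabet_size, length):
    """Entropy of a password whose characters are drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def random_password(length, alphabet=ALNUM):
    """Draw a password from os.urandom (the kernel CSPRNG behind /dev/urandom on Linux).

    Rejection sampling: bytes at or above the largest multiple of len(alphabet)
    are discarded, so no symbol is favoured by the modulo step.
    """
    n = len(alphabet)
    limit = 256 - (256 % n)
    out = []
    while len(out) < length:
        for b in os.urandom(2 * length):
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)


def uu_data_line(raw):
    """Encode up to 45 bytes as one uuencode data line (newline removed)."""
    return binascii.b2a_uu(raw[:45]).decode("ascii").rstrip("\n")


def password_from_uu_line(line, length=20):
    """Cut a password from a uuencode data line, skipping the length character."""
    return line[1:1 + length]


if __name__ == "__main__":
    line = uu_data_line(os.urandom(128))
    print("uuencode line starts with:", repr(line[0]))
    print("20 chars from the line:", password_from_uu_line(line))
    print("20 chars, 64 symbols: %.1f bits" % entropy_bits(64, 20))
    print("8 chars, 62 symbols:  %.1f bits" % entropy_bits(62, 8))
    print("rejection-sampled:", random_password(20))
```

Each uuencode character carries 6 bits, so 20 of them give 120 bits, provided the leading length character is not counted among them.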

The current version 2.15 that I have will generate "random" passwords. I don't know the algorithm, nor the source of "real random" data -- it generates eight character passwords which are a mix of upper case, lower case and numbers. Within that set of characters, they look reasonably random to the eye.

Reply to
R. Dale Shipp

/dev/urandom isn't "strong" - it is very possible that there is a way of breaking it. If you're generating a password, it's better practice to use /dev/random, which is quite a bit harder to break.

Alun Harford

Reply to
Alun Harford

Complete nonsense, I am afraid. /dev/urandom is seeded by physical randomness just as /dev/random is, but that physical randomness is "stretched out" using a PRNG if there is not enough physical randomness. I.e., it does not block if the physical sources dry up. /dev/random can block, forever. I.e., /dev/urandom is as good as Ts'o could make it for a cryptographically strong random number generator continually seeded by physical randomness and is certainly far far far stronger than any other part in the password chain. /dev/random should probably never be used, precisely because of its blocking. The man page for urandom was written by someone in a pessimistic mood and not realising how it would be read by the great unwashed. /dev/urandom has not been broken AFAIK, and is in no danger of being broken anytime soon.

Reply to
Unruh

I generally create my own passwords. It is not hard to type random numbers, letters and special characters up to a 63 character length. If it is for encrypting a wireless network, you really don't need to remember the password. Simply jot it down on a piece of paper, enter the router's menu, type in the password then type in the same password in the client's menu and you're done. Destroy the piece of paper that the password was written on. Alternatively, you can go to

formatting link

Reply to
Doug Jamal

In practise it won't block forever. If you only need a password, there is enough randomness in its pool to not block at all.

You are recommending convenience over security. The Microsoft Way.

-- Lassi

Reply to
Lassi Hippelä

Password Safe is a top quality program for storing your passwords. If you want to create good random passwords, try our web-based password generator; you can get as diverse as you like with it.

Reply to
(admins) privacyoffshore

John Navas wrote:

Another way would be to define a "basic" password and then you hash it using md5.

Reply to
Soon

Not much help. The attacker can also run MD5 before trying a password guess. The attacker needs a bit more cycles, but otherwise it is as efficient as any password guessing attack.

-- Lassi

Reply to
Lassi Hippelä
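The point made in the reply above, as an added Python example that is not part of the original thread: an MD5 hex digest looks like 128 random bits, but it carries only as much entropy as the "basic" password it was derived from, so a password audit can reject it with the same word list. The word list is constructed for the example and the function names are assumptions.

```python
import hashlib
import math

# Constructed sample of "basic" passwords a user might start from.
BASIC_WORDS = ["wireless", "letmein", "router2006", "password", "homenet"]


def md5_password(basic):
    """The scheme from the post: use the MD5 hex digest of a basic password."""
    return hashlib.md5(basic.encode("utf-8")).hexdigest()


def apparent_bits(password):
    """Entropy the string would have if its hex digits were drawn at random."""
    return len(password) * math.log2(16)


def effective_bits(candidate_count):
    """Entropy of a choice among candidate_count equally likely basic passwords.

    MD5 is deterministic, so each candidate input maps to exactly one
    derived password and the search space does not grow.
    """
    return math.log2(candidate_count)


def is_md5_of_listed_word(password, wordlist=BASIC_WORDS):
    """Audit check: True if the password is the MD5 hex digest of a listed word."""
    derived = {md5_password(word) for word in wordlist}
    return password.lower() in derived


if __name__ == "__main__":
    pw = md5_password("letmein")
    print(pw)
    print("apparent:  %.0f bits" % apparent_bits(pw))
    print("effective: %.2f bits" % effective_bits(len(BASIC_WORDS)))
    print("rejected by audit:", is_md5_of_listed_word(pw))
```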

It's simple. Use first-letter passwords -- just take the first character of each word in a simple sentence, substituting 1s and 0s for Is and Os where they occur.

For example:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sentence = "I generally create my own passwords."

Password = 1gcm0p
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

(Choose a longer sentence if you're not happy with only 6 characters).

Virtually uncrackable, easy to remember, and you don't have to write it down.

Reply to
news

Really, really bad idea.

Reply to
John Navas

Assumption that isn't valid. ANY pattern is risky.

Reply to
John Navas
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

With all due respect, Password Safe is a better bet for password generation because of the expertise behind it and peer review.

Reply to
John Navas

Feel free to back up your statement.

Reply to
Doug Jamal

I have, many times, as Google can quickly reveal, and I'm not alone:

formatting link

Reply to
John Navas

On 2/14/2006 6:31 PM John Navas said the following:

Ummm, that article is about Gibson and the WMF exploit. Not about Gibson's password generator. I agree I would not use it for the reasons elsewhere in the thread, but the article is not that reason.

JH

Reply to
John Hyde

I didn't say it was. It just shows that Gibson isn't to be trusted in the area of security.

Reply to
John Navas

I perceive the question the same way you seem to. How to generate good strong passwords that one can easily remember without having to write them on a Post It note and stick it under your keyboard.

My approach to this is to use an old song book. Choose a familiar song then use the song/hymn number and verse number in conjunction with the first letters of the words in that verse.

This produces a mixture of digits and text that can be as long as you need. It is easy to remember, but would be nearly impossible for anyone less than perhaps the FBI to crack.

Reply to
Gordon

Reply to
Eric
