| 1 |
On Thursday 12 August 2010 15:01:12 Stroller wrote: |
| 2 |
> On 11 Aug 2010, at 21:30, Alan McKinnon wrote: |
| 3 |
> > ... |
| 4 |
> > My users pick their own passwords - I present a list of 5 from apg |
| 5 |
> > and let |
| 6 |
> > them pick one |
| 7 |
> |
| 8 |
> apg's results seem awfully unmemorable by default. |
| 9 |
> |
| 10 |
> I tend to prefer random password generators that create pronounceable |
| 11 |
> nonsense words, by stringing together random syllables, rather that |
| 12 |
> just letters. |
| 13 |
> |
| 14 |
> Do you know if apg can do that? I'm sure it's in the manpage, so |
| 15 |
> forgive me for not parsing it at this time of the morning. |
| 16 |
|
| 17 |
Yes, it can do that. It's for that reason I use it. |
| 18 |
|
| 19 |
The command I use is: |
| 20 |
|
| 21 |
$ apg -m8 -x8 -MCNL |
| 22 |
Badnack9 |
| 23 |
VeOsFid5 |
| 24 |
JucWeac9 |
| 25 |
EowtUzt1 |
| 26 |
SceybEf8 |
| 27 |
ByejCys1 |
| 28 |
|
| 29 |
passwords are 8 chars simply because some elements of the environment have |
| 30 |
that limitation. As you can see, the passwords tend to be pronounceable. And |
| 31 |
many, many tests run have convinced me that the passwords have sufficient |
| 32 |
entropy to be good enough - good enough being defined as "john the ripper |
| 33 |
didn't brute force it in 48 hours" |
| 34 |
|
| 35 |
|
| 36 |
|
| 37 |
-- |
| 38 |
alan dot mckinnon at gmail dot com |
Archives