Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Coming up with a password that is very strong.
Date: Sat, 09 Feb 2019 00:19:37
Message-Id: 7c8342e9-bbef-e5d7-2f1c-cfb01df92f2c@gmail.com
In Reply to: Re: [gentoo-user] Re: Coming up with a password that is very strong. by Neil Bothwick
Neil Bothwick wrote:
> On Fri, 08 Feb 2019 15:26:22 +0100, Kai Peter wrote:
>
>>> There was a tool in portage that did this. I tried it but it did not
>>> work in the real world because you couldn't set a rule for generated
>>> passwords
>>> that matched the requirements of all sites, for example some require a
>>> non-alphanumeric character while other sites only allow alphanumerics.
>>>
>>> I can remember what the tool was called, although I'm pretty sure it
>>> was written in Python. I'd be interested to know how you get around
>>> the conflicting restrictions as this seems a good way to do things.
>> By using an existing tool you have to live with its restrictions
>> always. But who says that it could not be done?
> It wasn't so much a restriction in the tool as the sites, which have
> conflicting requirements for passwords - especially the ones that have a
> MAXIMUM password length.
>
>

This is something I've run into on several occasions using LastPass'
generation tool.  Some sites allow the symbols, letters above the number
keys, but don't allow one or more specific ones.  A couple examples, the
"!" key is a common one not allowed.  Others that are sometimes excluded
are the "$" and "*" symbols.  So I end up telling LastPass to generate
passwords until it gets one without any of those characters or I turn
off the symbols altogether.  Of course, turning those off makes a
password easier to crack/hack.

I did run up on one site recently that allowed any character, all
symbols included, and could be as long as 60 characters.  I think spaces
were the only thing on the keyboard not allowed.  Thing is, it wouldn't
accept anything longer than 28 or so for me.  I started out at 40 and
kept dropping down a few digits until I hit the one it would accept.  If
it had accepted a random password that long with symbols included, I
would think hackers would have to attack something besides the
password.  That is one long password.  I've seen paragraphs shorter than
that.  According to a couple of the test sites, it would take trillions
of years to crack a 40 digit password much less 60.  Pretty hard thing
to get past.  What surprises me, a couple sites that I would like to
have longer passwords on, won't accept anything longer than a couple
dozen characters.  I wish all financial sites would take 60 or so like
the other one I use.  I'm not sure why they limit it to that number.
Common software limit maybe?

This is one thing about having so many different password tools and each
person picking what they like.  It makes it harder to figure out how
passwords are generated and tracked.  Each tool has its own methods.
It's sort of like the password strength sites.  I didn't rely on one
site.  I used several plus some common sense as well.  If all sites
think a password will take thousands of years or more to crack, it is
likely a good password.  Then apply some common sense to confirm it of
course.  I ended up with a password that was easier to type and very
strong, even stronger than what I started with.  The odds of someone
just guessing it is virtually zero.  The things it is based on are not
something anyone other than me would likely consider for creating a
password.  It's not pets, family names, dates of birth or anything like
that.  Heck, even if someone was sitting in my chair, they would be
clueless.  Even people who know me best would never be able to figure
out what it is based on much less how I put it in the password or which
ones.  Thing is, I think I'll be able to remember it easy enough.

I suspect that anyone trying to hack us Linux users, users of this list
especially, would have a rough road ahead of them.  Based on replies
here, some have some pretty good methods of coming up with a password.
Let us hope none of us dies instantly and takes the passwords with us.
o_O  I put mine in a fire safe.  Just in case.

Dale

:-)  :-)
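
Added example (archive annotation, not part of the message above and not code from LastPass or any tool named in the thread): the conflicting per-site rules discussed here can be handled by building the allowed alphabet before generating, rather than regenerating until a password avoids the banned symbols, and the entropy figure shows what each restriction costs. The policy names and values are constructed for illustration.

```python
import math
import secrets
import string

# Hypothetical per-site policies, constructed for this example.
SITE_POLICIES = {
    "no_bang_dollar_star": {"max_len": 60, "symbols": True, "banned": "!$*"},
    "alnum_only": {"max_len": 24, "symbols": False, "banned": ""},
}

def alphabet_for(policy):
    """Build the allowed character set up front, so no generated
    password ever has to be thrown away for containing a banned symbol."""
    chars = string.ascii_letters + string.digits
    if policy["symbols"]:
        chars += string.punctuation
    return "".join(c for c in chars if c not in policy["banned"])

def generate(policy, length):
    """Draw each character uniformly from the allowed set with a CSPRNG."""
    if length > policy["max_len"]:
        raise ValueError("site rejects passwords longer than %d" % policy["max_len"])
    alphabet = alphabet_for(policy)
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(policy, length):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet_for(policy)))

if __name__ == "__main__":
    for name, policy in SITE_POLICIES.items():
        n = min(24, policy["max_len"])
        print(name, generate(policy, n), round(entropy_bits(policy, n), 1))
```

At 24 characters, banning only "!", "$" and "*" leaves about 156 bits, while dropping symbols entirely leaves about 143 bits; length matters far more than the symbol set.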

Replies

Subject Author
Re: [gentoo-user] Re: Coming up with a password that is very strong. Neil Bothwick <neil@××××××××××.uk>