1 |
Michael Schwartzkopff wrote: |
2 |
> Am 05.02.19 um 10:55 schrieb Mick: |
3 |
>> On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: |
4 |
>> |
5 |
>>> Sort of picking a random message to reply to here. Someone sent a reply |
6 |
>>> off list about checking passwords on my system with tools available. |
7 |
>>> They also mentioned not trusting strength meters which I can get since |
8 |
>>> they pass some obvious passwords. I used three meters and some sort of |
9 |
>>> common sense as well. I found cracklib-check after some digging. I |
10 |
>>> used that to try to check my password and get this weird response. |
11 |
>>> |
12 |
>>> -su: me-supper-secret-password-here;): event not found |
13 |
>>> |
14 |
>>> I'm going to try to emulate my password without actually posting it, for |
15 |
>>> obvious reasons. You all are smart enough to understand why. ROFL It |
16 |
>>> has some of the following 'stuff' in it. !sdER*ark4567# As you can |
17 |
>>> tell, I use some of those things on the tops of the number keys. It |
18 |
>>> seems that confuses cracklib just a bit. BTW, I was running that as |
19 |
>>> root just to be sure it wasn't a permissions issue. I tried a few |
20 |
>>> different things but it seems the "!" is triggering that at least, maybe |
21 |
>>> others too. The command works fine with just normal stuff. |
22 |
>> Hmm ... I don't get such problem here, when I run cracklib as a plain user: |
23 |
>> |
24 |
>> $ cracklib-check |
25 |
>> password |
26 |
>> password: it is based on a dictionary word |
27 |
>> p4ssw0rd |
28 |
>> p4ssw0rd: it is based on a dictionary word |
29 |
>> p477w0rd |
30 |
>> p477w0rd: OK |
31 |
>> !sdER*ark4567# |
32 |
>> !sdER*ark4567#: OK |
33 |
>> helloworld |
34 |
>> helloworld: OK |
35 |
>> reallysecurepassword |
36 |
>> reallysecurepassword: OK |
37 |
>> |
38 |
>> LOL! |
39 |
>> |
40 |
>> Could it be something to do with your terminal/shell? I've run the above with |
41 |
>> bash in a urxvt terminal. |
42 |
>> |
43 |
>> |
44 |
>>> That leads |
45 |
>>> me to this question. Is there a tool I can use/install that will test a |
46 |
>>> password, try to crack it if you will, that will work regardless of the |
47 |
>>> characters used? In other words, it doesn't mind the things on top of |
48 |
>>> the number keys. |
49 |
>>> |
50 |
>>> BTW, I've also whittled it down to something a little easier to type |
51 |
>>> too. Feel sorry for any poor fool trying to just guess it. lol May |
52 |
>>> have better luck with P vs NP. ;-) |
53 |
>>> |
54 |
>>> Thanks. |
55 |
>>> |
56 |
>>> Dale |
57 |
>>> |
58 |
>>> :-) :-) |
59 |
>> I've used app-crypt/johntheripper in the distant past, but you'll need a good |
60 |
>> word list for it to be useful. Some of the wordlists I had found at the time |
61 |
>> were too big to download over dial-up! :p |
62 |
>> |
63 |
> A good password also has to be memorizable. See: |
64 |
> |
65 |
> https://xkcd.com/936/ |
66 |
> |
67 |
> |
68 |
> Mit freundlichen Grüßen, |
69 |
> |
70 |
|
71 |
|
72 |
That's the problem. I want one really good password that would be |
73 |
virtually impossible even for someone who knows me to guess. Doing that |
74 |
and being able to remember it plus be relatively easy to remember |
75 |
complicates things a lot. While at it, I'd like it to be hard to crack |
76 |
as well. Even with these password test tools, that is proving to be |
77 |
hard to know for sure. I have one that I know would be hard to guess |
78 |
and I think it would be hard to crack as well but I don't know that last |
79 |
part for sure, yet anyway. |
80 |
|
81 |
Thanks. It's a work in progress still. |
82 |
|
83 |
Dale |
84 |
|
85 |
:-) :-) |