![]() ![]() For the safety, copy this file into a special USB flash drive or floppy disk. Then you will be able just to copy it (CTRL+C). Unfortunately, there are certain web sites where it is impossible to enter a password containing, for example, special characters.Īnd as only a few people are able to remember a strong password full of different characters, it is good to write down this password (and another one) to notepad (that way, no one can steal if from you via internet), or you can write it down (for quicker access) to a simple text file or XLS table. However, first you need to check, which characters you can enter into the portal. Do not use familiar words, but unfamiliar phrases, numbers and special characters. I know it to be available in the Ubuntu, Fedora, Debian and Suse repositories.If you want to generate a good and strong password for online portals, it should contain a minimum of 20 characters and more. You might want to check out the pwgen application. Having said that, I am convinced that pwgen will suffice for low-security systems where attack is very unlikely. Although I no longer believe in generating passwords to then try and remember them myself, I do not have the technical aptitude to validate, let alone vouch for the contents of the article as quoted so please read it and draw your own conclusions. He sets out to describe the technical details on how pwgen can, in some circumstances, use insecure methods of password derivation from available entropy in his article. As has been pointed out by anarcat, pwgen may not (or no longer) be suitable for securing high-security systems. In the years that have passed, the face of cyber security and the demands to it have changed rapidly and enormously. More details about the rationale behind those choices is explained in the aforementioned article and my password managers review.Ģ020: I posted this answer in 2011. I mention this because I believe it is important to memorize less passwords and instead rely on a password manager to store large strings that are hard to guess. Head -c $ENTROPY /dev/random | base64 | tr -d '\n=' # strip possible newlines if output is wrapped and trailing = signs as they add nothing to the password's entropy ![]() # a password generator would be pwqgen or diceware # high-entropy compact printable/transferable string generator To generate a completely random password, I use the following shell function: # secure password generator or, as dkg puts it: ![]() But I find it easier to communicate and share passwords when they have some separator. The - delimiter is a lesser evil: it would be better to not use any separator and the en_eff wordlist is especially crafted for that purpose. I turn off caps and spaces because they generate distinct audible noises that could be leveraged by an attacker. ![]() Syndrome-ramp-cresting-resolved-flinch-veneering Turkey-eligibly-underwire-recite-lifter-wasp To generate strong memorable passwords, I generally use diceware with the following configuration file: I wrote a detailed article on that very topic, but basically, the gist of it is to use the diceware program (or, if you like dice, the actual diceware system) or xkcdpass. And using it to generate completely random strings isn't that useful either. I would recommend people stop using pwgen - its main interested was generating "human-rememberable passwords", but it showed multiple vulnerabilities in doing exactly that. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |