![]() ![]() ![]() More details about the rationale behind those choices is explained in the aforementioned article and my password managers review.Ģ020: I posted this answer in 2011. I mention this because I believe it is important to memorize less passwords and instead rely on a password manager to store large strings that are hard to guess. Head -c $ENTROPY /dev/random | base64 | tr -d '\n=' # strip possible newlines if output is wrapped and trailing = signs as they add nothing to the password's entropy # a password generator would be pwqgen or diceware # high-entropy compact printable/transferable string generator To generate a completely random password, I use the following shell function: # secure password generator or, as dkg puts it: But I find it easier to communicate and share passwords when they have some separator. The - delimiter is a lesser evil: it would be better to not use any separator and the en_eff wordlist is especially crafted for that purpose. I turn off caps and spaces because they generate distinct audible noises that could be leveraged by an attacker. Syndrome-ramp-cresting-resolved-flinch-veneering Turkey-eligibly-underwire-recite-lifter-wasp To generate strong memorable passwords, I generally use diceware with the following configuration file: I wrote a detailed article on that very topic, but basically, the gist of it is to use the diceware program (or, if you like dice, the actual diceware system) or xkcdpass. And using it to generate completely random strings isn't that useful either. I would recommend people stop using pwgen - its main interested was generating "human-rememberable passwords", but it showed multiple vulnerabilities in doing exactly that. ![]()
0 Comments
Leave a Reply. |