[TriLUG] Securely and Accurately transmit passwords

Nolan Caudill nolan at nolancaudill.com
Tue Oct 2 10:57:50 EDT 2007


I'll second the apg suggestion. It will let you dictate everything from min
length, max length, what symbol set(s) to use (numeric, alpha, punctuation),
what dictionary file to check against, and can even do bulk create if you
need multiple passwords at one time.

On 10/2/07, Steve Kuekes <steve at kuekes.homeip.net> wrote:
>
> I've been using apg which is a package that has a command to generate
> random passwords that are gibberish, but pronounceable.  The man page
> documents how to make it use different algorithms to generate passwords.
>   I just run it a few times to find a password that I like.
>
> jonc at nc.rr.com wrote:
> > I agree 100% with Chris. Having a password no one can guess *but* no
> > one can remember is useless.
> > Rule #1 when I generate a secure password is that it has to be simple to
> > memorize.
> > Rule #2 is that it has to be hard to guess.
> >
> > We generally use simple phrases with numbers or symbols mixed in for
> > spaces and other characters. This has worked for over a decade. The only
> > problem being, that I still remember most of the passwords generated over
> > that decade!
> >
> > Jon (elephant head) Carnes
> >
> > BTW: given the choice of sending the PW in email or having the PW
> > displayed on a card taped to the laptop, I would choose email :-)
> >
> >
> > ---- Chris Knowles <chrisk at trilug.org> wrote:
> >
> >>This is a very good point.
> >>
> >>I *almost* wouldn't blame them if the passwords were of the form
> >>"s2Adf3#5^@"
> >>
> >>However, as directed by on high, I'm not allowed to set the passwords
> >>that evilly.
> >>
> >>Instead I use a diceware (http://www.diceware.com/) type scheme to
> >>generate the passwords.
> >>
> >>Two words, with a symbol or space between them.
> >>
> >>Thus, a typical password is "solemn+stony" (Just rolled that one up)
> >>
> >>While a little longer than the 6 char we require, it's much easier to
> >>remember than a completely random password, and has a good level of
> >>entropy.
> >>
> >>Well, much better than the name of their dog with a single digit after
> >>it.
> >>
> >>As an aside, diceware is a really nice way to generate longer
> >>passphrases that you can actually remember.
> >>
> >>CJK
> >>
> >>On Tue, 2007-10-02 at 15:02 +1000, Jeremy Portzer wrote:
> >>
> >>>Chris Knowles wrote:
> >>>
> >>>
> >>>>Recently we've started seeing that they've taken these cards, taped
> >>>>them into their laptops in plain sight.  (And occasionally annotated
> >>>>them with much too much information as to what that password would
> >>>>buy you.)
> >>>>
> >>>>Since the passwords are complex, phone conversations tend to lead to a
> >>>>lot of phonetic spelling and shouting.
> >>>
> >>>Maybe the problem is the passwords are TOO complex requiring all but
> >>>the most anal sysadmin to refer to a written reference?  Maybe you
> >>>could consider simplifying them a bit so people can more easily
> >>>remember them?
> >>>  E.g. something like "2 of the 3:  digit, capital letter, or symbol."
> >>>Something like "Must contain at least 2 of each:  digit, capital
> >>>letters, and symbols" is much harder to deal with.
> >>>
> >>>Also, do users pick their passwords or do you pick them arbitrarily?
> >>>
> >>>There are a lot of 'social' aspects to password complexity schemes that
> >>>are interesting to study.  I don't know the state-of-the-art here.
> >>>
> >>>--Jeremy
> >
> >
>
> --
> Steve Kuekes
>
> Insight Racing - Urban Grand Challenge('07) - http://www.insightracing.org
> Private Pilot: N9259R '95 Saratoga based at Sanford-Lee County Regional
> (TTA)
> email: skuekes at nc.rr.com
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
>
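
The diceware-style "two words with a symbol or space between them" scheme from the thread, with its entropy set beside a fully random string, as an added example that is not part of the original messages. `SAMPLE_WORDS` is a constructed stand-in for a real 7776-word Diceware list, and the separator set is an assumption.

```python
import math
import secrets

# Constructed sample list; a real Diceware list has 6**5 = 7776 unique words.
SAMPLE_WORDS = ["solemn", "stony", "amber", "cabin",
                "drift", "ember", "flint", "grove"]

# Assumed separator set: 12 symbols plus the space character (13 choices).
SEPARATORS = list("+-=_!@#$%^&* ")


def passphrase(words, n_words=2, separators=SEPARATORS):
    """Build word<sep>word... with every choice drawn from the OS CSPRNG."""
    parts = [secrets.choice(words)]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(separators))
        parts.append(secrets.choice(words))
    return "".join(parts)


def passphrase_bits(list_size, n_words=2, n_separators=len(SEPARATORS)):
    """Entropy in bits, assuming the scheme and the word list are known
    and every word and separator is chosen uniformly at random."""
    return (n_words * math.log2(list_size)
            + (n_words - 1) * math.log2(n_separators))


def random_string_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string over a given alphabet."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print("sample passphrase:", passphrase(SAMPLE_WORDS))
    # Two words from a full 7776-word list plus one separator.
    print("2 words, 7776 list: %.1f bits" % passphrase_bits(7776, 2))
    # Adding words raises entropy by about 12.9 bits each.
    print("4 words, 7776 list: %.1f bits" % passphrase_bits(7776, 4))
    # A 10-character string over the 94 printable ASCII characters,
    # the shape of "s2Adf3#5^@" quoted in the thread.
    print("10 random chars:    %.1f bits" % random_string_bits(10, 94))
```

The figures hold only when the words come from dice or a CSPRNG; rerunning the generator until a password "looks nice" reduces the effective entropy.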
