OT: passwords

Start with the reasonably decent tester

formatting link

As I mentioned before it does have at least one lame attribute, it tends to give email addresses very high total rating (all green!).

I know very little about those checkers/encoders/whatever. Is there a password generator that will produce a randumb string (given limits, say no special characters and not longer than specified value)?

Thanks

Reply to
Robert Baer

That checker tends to be lame with repeated sequence(s):

#S4LWU$kz4#S4LWU$kz with 19 characters passes all, gives 93% and yet first 9 are repeated.

So...are there other maybe "better" checkers that will not "rook" you?

Still, a half-way decent generator seems better.

Thanks

Reply to
Robert Baer

On a sunny day (Tue, 9 Jul 2019 20:54:54 -0800) it happened Robert Baer wrote in :

In Linux, in a terminal, for 2 seconds then use ctrlC, type cat /dev/random > q1

To get valid ASCII: strings q1 > q2

Edit q2, remove any control characters...

Edit q1 with a text editor, keep valid characters you want working backwards MsW4i0u48FZ

Good enough?

Other variants of processing output from /dev/random are OK too, if you are paranoid swap some characters..

You could also use the radioactive decay from the uranium hexafluoride from your enrichment plant.

Reply to
Jan Panteltje

On 10.07.19 at 06:54, Robert Baer wrote:

You can always use the password generator of the crack program.

:-) Gerhard

Reply to
Gerhard Hoffmann

all password managers do that.

Reply to
jack jack

PS, Just after I replied I decided to keep the fingers moving and wrote a simple password generator in See:

formatting link

It does exactly what I wrote, see below, and I also added a check for /dev/random being not some hack and a file.

This is Linux software, unpack with
tar -zxvf passgen-0.1.tgz
make
make install

Run:
~ # passgen
read 99 of 100 bytes, please wait
ready, your password is

7hrCv98P

It takes a minute or 2 to get enough randomness.

It is version 0.1 and I wrote it in a few femtoseconds, so YMMV. Also do not use THIS password for anything. Make your own and one for each application.

Check the source code for any secret commi-nukations.

Reply to
Jan Panteltje

I would write that code myself, to make sure "the NSA hasn't compromised the randomness" :-)

Then I would pick up some extra tinfoil hats at the TinFoil Hat store.

#include <stdio.h>
/* gcc -o mypassword.exe mypassword.c */

int main(int argc, char *argv[])
{
    if (argc != 2) {
        printf("Mypassword.exe RandomSeedString\n");
        printf("Generate password based on random seed string\n");
        return 1;
    }
    /* the "generator" simply echoes the seed string back */
    printf("\nYour new password is: %s\n", argv[1]);
    return 0;
}

Your result is only limited by your own imagination.

mypassword.exe abcd1234

Your new password is: abcd1234

And, "I did it with a computer" (tip of the hat to the Patent Department).

*******

Using stepwise refinement, we try again. Still no rands, mersenne twisters, or the like.

#include <stdio.h>
#include <string.h>
#include <conio.h>    /* getch() */
#include <windows.h>  /* QueryPerformanceCounter() */
/* gcc -o mypassword2.exe mypassword2.c */

int main()
{
    /* Define your allowed alphabet here. String length prime ? */
    char a[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678";
    int len = strlen(a); /* modulo, but subtract one when used as index */
    __int64 time1;
    int i,j,k,m;
    char c[2048]; /* OK, already, you can stop typing now... */

    if (!QueryPerformanceCounter((LARGE_INTEGER *)&time1)) {
        printf("QueryPerformanceCounter failed\n");
        return 1;
    }

    printf("Enter as many letters as the length of the desired\n");
    printf("password, followed by Enter key. The time when each\n");
    printf("letter is entered, is the random factor selecting\n");
    printf("the letter used\n\n");
    printf("Current alphabet has %d character choices\n\n", len);

    j=k=0;

    /* stop at Enter (13), or when c[] is full */
    while ( j < (int)sizeof(c) && (m = getch()) != 13 ) {
        QueryPerformanceCounter((LARGE_INTEGER *)&time1);
        /* Try to remove systematic bias in sample times using time scales */
        i = ( (time1 >> 16) ^ (time1 >> 8) ^ time1 ) % len;
        c[j] = a[i-1];
        j++;
        printf("%c", m); /* tactile feedback saved for last */
    }

    printf("\n\nYour password is: ");
    while (j > 0) {
        printf("%c", c[k]);
        j--;
        k++;
    }
    printf("\n");
}

Paul (who is not a programmer and never took Krypto in HighSkool)

Reply to
Paul

Try Diceware. Good randomness, easy to remember, impossible to backdoor.

Cheers

Phil Hobbs

--
Dr Philip C D Hobbs 
Principal Consultant 
ElectroOptical Innovations LLC / Hobbs ElectroOptics 
Optics, Electro-optics, Photonics, Analog Electronics 
Briarcliff Manor NY 10510 

http://electrooptical.net 
http://hobbs-eo.com
Reply to
Phil Hobbs

Ha. I have some very unrandom dice.

NT

Reply to
tabbypurr

apg excels at generating pronounceable nonsense of any length:

$ apg -m 16 -a 0
NuocKiUvJusfeat~
nicOpEdfondErceb
RhastAcPoivektoi
oajPheanodfiedTi
SlatCyChroodfeir
GheyRawjeOctyab`

------------------------------------------------------------------------

formatting link

------------------------------------------------------------------------

$ apg -h

apg   Automated Password Generator
      Copyright (c) Adel I. Mirzazhanov

apg   [-a algorithm] [-r file]
      [-M mode] [-E char_string] [-n num_of_pass] [-m min_pass_len]
      [-x max_pass_len] [-c cl_seed] [-d] [-s] [-h] [-y] [-q]

-M mode         new style password modes
-E char_string  exclude characters from password generation process
-r file         apply dictionary check against file
-b filter_file  apply bloom filter check against filter_file
                (filter_file should be created with apgbfm(1) utility)
-p substr_len   paranoid modifier for bloom filter check
-a algorithm    choose algorithm
                 1 - random password generation according to
                     password modes
                 0 - pronounceable password generation
-n num_of_pass  generate num_of_pass passwords
-m min_pass_len minimum password length
-x max_pass_len maximum password length
-s              ask user for a random seed for password generation
-c cl_seed      use cl_seed as a random seed for password
-d              do NOT use any delimiters between generated passwords
-l              spell generated password
-t              print pronunciation for generated pronounceable password
-y              print crypted passwords
-q              quiet mode (do not print warnings)
-h              print this help screen
-v              print version information

------------------------------------------------------------------------

Thank you, 73,

--
Don Kuenz KB7RPU 
There was a young lady named Bright Whose speed was far faster than light; 
She set out one day In a relative way And returned on the previous night.
Reply to
Don Kuenz

Don Kuenz wrote in news: snipped-for-privacy@crcomp.net:

Pronounce this little tidbit...

My real name is Mike Coxmaul, but I go by Michael.

Reply to
DecadentLinuxUserNumeroUno

Sounds good, but cannot use it. To make a bad pun, as ONE I have to NIX it.

Reply to
Robert Baer

Although apg can generate long random characters, it's a little over the top for mere mortal me.

$ apg -m 64 -a 1
?2-ydS{'2*PK"16\>M*+ayri,X0KT_gnxcz=vNgG@l,q>K-mZ!EAlf(Ty?/Q,#K)
)|cnYKoj^rS!=X'#Phi~DeTXHsa+VsB"

Reply to
Don Kuenz

WOW!

Reply to
Robert Baer

That password's a little long and it needs some digits. A better password may be something along the lines of:

In 2019 DLU said he's Coxmaul!

Although some systems do not accommodate passwords with spaces many ?most? do. Using an easily remembered sentence with the usual mix of special characters, caps, and digits works for me.

Thank you, 73,

--
Don Kuenz KB7RPU 
There was a young lady named Bright Whose speed was far faster than light; 
She set out one day In a relative way And returned on the previous night.
Reply to
Don Kuenz

Not too bad. By replacing one randomly chosen character with a random digit, you can almost always make an improvement, especially more green bars with

formatting link

Fiddling with which character to replace might give slight added improvement. That last line is the best at 78%, 4 green bars. Randomly choosing the w for a digit gives 80%, 5 green bars.
Reply to
Robert Baer

(Corrected version)

#include <stdio.h>
#include <string.h>
#include <conio.h>    /* getch() */
#include <windows.h>  /* QueryPerformanceCounter() */

int main()
{
    /* Define your allowed alphabet here. */
    char a[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678";
    int len = strlen(a); /* modulo */
    __int64 time1;
    int i,j,k,m;
    char c[2048];

    if (!QueryPerformanceCounter((LARGE_INTEGER *)&time1)) {
        printf("QueryPerformanceCounter failed\n");
        return 1;
    }

    printf("Enter as many letters as the length of the desired\n");
    printf("password, followed by Enter key. The time when each\n");
    printf("letter is entered, is the random factor selecting\n");
    printf("the letter used\n\n");
    printf("Current alphabet has %d character choices\n\n", len);

    j=k=0;

    /* stop at Enter (13), or when c[] is full */
    while ( j < (int)sizeof(c) && (m = getch()) != 13 ) {
        QueryPerformanceCounter((LARGE_INTEGER *)&time1);
        /* Try to remove systematic bias in sample times using time scales */
        i = ( (time1 >> 16) ^ (time1 >> 8) ^ time1 ) % len;
        c[j] = a[i]; /* modulo has the right range, fixed */
        j++;
        printf("%d ", i); /* choice feedback */
    }

    printf("\n\nYour password is: ");
    while (j > 0) {
        printf("%c", c[k]);
        j--;
        k++;
    }
    printf("\n");
}

*******

Sample output:

L:\>mypassword2
Enter as many letters as the length of the desired
password, followed by Enter key. The time when each
letter is entered, is the random factor selecting
the letter used

Current alphabet has 61 character choices

57 51 24 45 2 18 50 15 0 1 42 39 24 36 22 23 13 32 8 13 6

Your password is: 5ZyTcsYpabQNyKwxnGing

L:\>

Reply to
Paul
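
For comparison with the two generators posted in this thread (the /dev/random reader that keeps only wanted characters and checks the device is not a plain file, and the timer-modulo program above), here is an added example that is not code from any poster. It assumes Linux and /dev/urandom, the function names are hypothetical, and it discards out-of-range bytes instead of using % len so that each of the 61 alphabet characters is equally likely.

```c
/* Added example; names are hypothetical, Linux /dev/urandom is assumed. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a kernel random device and refuse anything that is not a character
   device, e.g. a regular file sitting at that path. Returns fd or -1. */
int open_random_device(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode))) { close(fd); fd = -1; }
    return fd;
}

/* Map one random byte to an index in [0, n), or -1 when the byte lies in the
   uneven tail of 0..255 and has to be thrown away (rejection sampling). */
int pick_index(unsigned char byte, int n)
{
    int limit = 256 - (256 % n);   /* largest multiple of n that fits in a byte */
    return byte < limit ? byte % n : -1;
}

/* Write len characters drawn uniformly from alphabet into out, NUL-terminated.
   Returns 0 on success, -1 on bad arguments or a failed read. */
int gen_password(char *out, size_t outsz, size_t len, const char *alphabet)
{
    size_t n = strlen(alphabet), j = 0;
    unsigned char b;
    int fd, idx;
    if (n < 2 || n > 256 || len == 0 || len >= outsz) return -1;
    if ((fd = open_random_device("/dev/urandom")) < 0) return -1;
    while (j < len) {
        if (read(fd, &b, 1) != 1) { close(fd); return -1; }
        if ((idx = pick_index(b, (int)n)) >= 0) out[j++] = alphabet[idx];
    }
    out[len] = '\0';
    close(fd);
    return 0;
}

int main(void)
{
    char pw[65];
    const char *alpha = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ012345678";
    if (gen_password(pw, sizeof pw, 16, alpha) != 0) return 1;
    return puts(pw) == EOF;
}
```

With a 61-character alphabet, bytes 244 to 255 are discarded, so about 1 byte in 21 is thrown away and the rest map evenly onto the alphabet.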
