From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Oje2E-00009k-QV for garchives@archives.gentoo.org; Thu, 12 Aug 2010 20:05:55 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 66FB2E0B2E for ; Thu, 12 Aug 2010 20:05:54 +0000 (UTC) Received: from mail-ey0-f181.google.com (mail-ey0-f181.google.com [209.85.215.181]) by pigeon.gentoo.org (Postfix) with ESMTP id D1CC2E09B3 for ; Thu, 12 Aug 2010 19:24:30 +0000 (UTC) Received: by eyf6 with SMTP id 6so477101eyf.40 for ; Thu, 12 Aug 2010 12:24:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:from:to:subject:date :user-agent:references:in-reply-to:mime-version:content-type :content-transfer-encoding:message-id; bh=8yYnH2qqPdZ4uw+KGKxbEL+BhsPtgHHse/OgR12X9iI=; b=keiQw3riKEhzzxSbEsgbux5q07HaKLK/FutkwvaxwfzdQ0SwaOkVEHCqoWrvbbrr9z 5/iGXD5acutJ8lAobYxOgssD6QeAfVarCgJ+KJjQJKaUc+rxhsETAnXYeEVTGsJtuOQ7 gSYzsUP5YC3Dwa73bZO8u57QsHFjie7hpSDWY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:references:in-reply-to:mime-version :content-type:content-transfer-encoding:message-id; b=UqDFpoaZKjxGo3JdKwPqLIgcYvOBa5CgZ1nyxFih2qOS+qn2E9A0gQB3QZubLBjIow hjgMSXgBtPVxWRvSx391qXDDC6BLHB6FjpzDjos/enMJvrmY60X3dE2o6+AJp3Xu7LXL f00ieJkNqD79byHK4gUZB5Y8uIpycL24g7JPs= Received: by 10.213.15.82 with SMTP id j18mr7842863eba.78.1281641070084; Thu, 12 Aug 2010 12:24:30 -0700 (PDT) Received: from nazgul.localnet (196-210-183-170.dynamic.isadsl.co.za [196.210.183.170]) by mx.google.com with ESMTPS id a48sm2694821eei.19.2010.08.12.12.24.26 (version=TLSv1/SSLv3 cipher=RC4-MD5); Thu, 12 Aug 2010 12:24:27 -0700 (PDT) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Rooted/compromised Gentoo, seeking advice Date: Thu, 12 Aug 2010 21:21:23 +0200 User-Agent: KMail/1.13.5 (Linux/2.6.34-ck-r1; KDE/4.4.5; x86_64; ; ) References: <201008112230.26977.alan.mckinnon@gmail.com> <350A68D1-D4F6-4180-A876-8CE106A15D0C@stellar.eclipse.co.uk> In-Reply-To: <350A68D1-D4F6-4180-A876-8CE106A15D0C@stellar.eclipse.co.uk> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <201008122121.23496.alan.mckinnon@gmail.com> X-Archives-Salt: 5a3a50a9-a1a2-44e3-9010-34c7d9d2d6ff X-Archives-Hash: 0032af47a66ace3eb23a16facaa2da3e On Thursday 12 August 2010 15:01:12 Stroller wrote: > On 11 Aug 2010, at 21:30, Alan McKinnon wrote: > > ... > > My users pick their own passwords - I present a list of 5 from apg > > and let > > them pick one > > apg's results seem awfully unmemorable by default. > > I tend to prefer random password generators that create pronounceable > nonsense words, by stringing together random syllables, rather that > just letters. > > Do you know if apg can do that? I'm sure it's in the manpage, so > forgive me for not parsing it at this time of the morning. Yes, it can do that. It's for that reason I use it. The command I use is: $ apg -m8 -x8 -MCNL Badnack9 VeOsFid5 JucWeac9 EowtUzt1 SceybEf8 ByejCys1 passwords are 8 chars simply because some elements of the environment have that limitation. As you can see, the passwords tend to be pronounceable. And many, many tests run have convinced me that the passwords have sufficient entropy to be good enough - good enough being defined as "john the ripper didn't brute force it in 48 hours" -- alan dot mckinnon at gmail dot com