From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 72147138334 for ; Tue, 5 Feb 2019 06:20:08 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D865EE0AB2; Tue, 5 Feb 2019 06:19:57 +0000 (UTC) Received: from mail-pf1-x42f.google.com (mail-pf1-x42f.google.com [IPv6:2607:f8b0:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 54F57E0A97 for ; Tue, 5 Feb 2019 06:19:57 +0000 (UTC) Received: by mail-pf1-x42f.google.com with SMTP id c73so1034347pfe.13 for ; Mon, 04 Feb 2019 22:19:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:date:from:to:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=FrABuKBpBpTyCAVgWDcLpStEct7XZdZH2KqkLt8I9FA=; b=dImnrv+YjydCh7NwVRUGWyf/DlfH6mLzokEliCS5X4000Wa87/B/uXUZpQbMdD6Q6f c7nOOSp1QECThmubnLoE5EggSsAr0/aaabCt+Y27ivnHERUL528gn9ztyVnVS7FXuDgc /vwyjBY3ToQYkm+A1/zHUw2qekIFYOvWaAP04eEmvZn0rM0hpcT3UE2kZG7I7/h7RRf/ GV5WrLwhl2RL74zZG0SWRk3IYiwmxMBFyvY4c3pt5PKMQIbx860/ftQaXEWK7cJlwvSi rDRFylhFRqXJTGdsMe5wSnVYEXcbzcs7hPktnz2hfL3XyaN/sk0Svz4Fr5QN3T+0mAq6 BCPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:date:from:to:subject:message-id :references:mime-version:content-disposition:in-reply-to:user-agent; bh=FrABuKBpBpTyCAVgWDcLpStEct7XZdZH2KqkLt8I9FA=; b=eJsuHARHcdcTpADp/IfievW8CBYdm4vtuoUlspgbopkXF/AXSCGXmcy5d16DbMSapV /6s5tk5wSP7McbRBceQtC/px1A4gCiFkk9Lveje4+BDNFXbq8++4SYd47vBQ4PVi1djB vjuZRNpPctpGMg1dzDcXm0JFuqXuU1J0IPURhMAiB3XbEQXQdY93LK9lQojMdRFGwYEb ilcJ6Y8qFdmcgCK9TO6XFPWcKpZ1t5bOf24mQC1pEX7XzKQSe9BPkwV22WlmnTcI6gxr l7oF2hDwCqWn6XaxHhm1Q1gQTZm5nbCHOLMqaVChPWrEZefFdsWPMyp58+O4yes3IQ66 KDkg== X-Gm-Message-State: AHQUAuYGEfDXZCOpxZwJ4/VKl4Eb2Ov5SxunA1GNTvd16peATn/43Kgw 1HQumfYGVIghJUsaM9i8Z3nwTxo3 X-Google-Smtp-Source: AHgI3IZHPhKLPlLLAxid1Vv+iwUud3sIuBbuY8ODP5oU9jEIrQaocQUU4S3aJFSXnxZA/khQmyao8w== X-Received: by 2002:a63:1766:: with SMTP id 38mr2764154pgx.299.1549341734108; Mon, 04 Feb 2019 20:42:14 -0800 (PST) Received: from localhost (5.162.69.111.dynamic.snap.net.nz. [111.69.162.5]) by smtp.gmail.com with ESMTPSA id q1sm2651181pgs.14.2019.02.04.20.42.12 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Feb 2019 20:42:13 -0800 (PST) Sender: Roger Welsh Date: Tue, 5 Feb 2019 17:42:09 +1300 From: "Roger J. H. Welsh" To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Coming up with a password that is very strong. Message-ID: <20190205044151.dp6pqpnhoavst427@ponos> References: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> User-Agent: NeoMutt/20180716 X-Archives-Salt: 18283a7e-99d6-428c-b3ba-02da2b19fffe X-Archives-Hash: 2f5015fbe6dd9af2eeae3c194095105c Hi Dale, On Sun, Feb 03, 2019 at 11:47:35PM -0600 , Dale wrote: > How do you, especially those who admin systems that are always being > hacked at, generate strong passwords that meet the above? I have a script for generating passwords the way I like (basically diceware on bash). Something like: FACTOR=$[ 2**(4*8)/$(cat "$WORDLIST"|wc -l) ] cat "$WORDLIST" | head -n "$[ $(od -vAn -N4 -tu4 < /dev/random ) / $FACTOR ]" | tail -1 I use this in conjunction with https://github.com/dwyl/english-words/blob/master/words.txt As far as I understand, if you have about 96 bits of entropy you are golden. 256 bits is unbruteforceable (at least within the realms of physics apparently). 5 words = 94 bits (which is good enough for me) 14 words = 256 bits (which seems like a lot of typing) I also have a messy spreadsheet for checking passwords. https://github.com/rjhwelsh/gpg-tutorial/blob/master/password_checker.ods I provide no warranty for my working. ;) -- Roger Welsh fpr: 2FCB 9E31 EA77 CDEC A3AE 5DD7 D54C C777 553A 180D