From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 45C80138334 for ; Tue, 5 Feb 2019 06:49:02 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A2268E0D77; Tue, 5 Feb 2019 06:48:56 +0000 (UTC) Received: from mail-ot1-x333.google.com (mail-ot1-x333.google.com [IPv6:2607:f8b0:4864:20::333]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2E861E0D13 for ; Tue, 5 Feb 2019 06:48:55 +0000 (UTC) Received: by mail-ot1-x333.google.com with SMTP id s5so4033817oth.7 for ; Mon, 04 Feb 2019 22:48:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=RGokLLLMjFlMVRAmkRfvtQ0HMsdt2QQqQ9HjL4psAHE=; b=GuI19YkiE96aiH/ieh99CxsvMbodB9jOi9KwzCPK4XEHrBjMQluhBOiozjQxQ6VP/G W5jgyIOQ8djV0zTTOqFOZFF0rF19xm92AWP0mO3PT9dGtAB7BUedAxETY/HF1Fo3NywD ZHZ9K85pVnTU7Dujh1UjRRQpz2+mc72jrv68Vory/0tDHCCkfLE+39uT0L0pPu4qxTLO Y1DD6UoPxkhSZclhOJWfZv2u+Nwktwcc6Ys1qXxVoMW12jvIq6spz78WdYUXEIn20U3J 0jaXzxmID9Uyr69vBeNznnBSysZMGxnisffci2btNZSDenY+Kshif2oqDQFjO6SQAHWN U0bQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-transfer-encoding; bh=RGokLLLMjFlMVRAmkRfvtQ0HMsdt2QQqQ9HjL4psAHE=; b=cOBcslBwlauzQW4WybTfhYCpgQOuvp/ZGjuhhyVS/CzGqF/6m+AhokHIerGFl+0T0R Lz43Oif9fAV5XIXQfkpRn4vKnAs/Y+cIldAxSc1VMc9Rt4wo5X8hAOW+SOxsbdg/Ir9v vEyPg/50jjG1t/LCVXfm4SD8vmBR2iJ295EjHAskrvDNE4JwGjDyQIGd6QuUoVj0aKMH Y+EsJgdEmJie3P7pqEFr9uSL5m2ugjkHCX7IWrhyMXEK21YaDCbqDTfOOqSl8M4gBzNz TS2o/Hsu1AWcx/roixx5CmBXrDUU8ggaMNpZYgTZeioimg5o7fFvYkk8cgSm4ASUctXG oa9A== X-Gm-Message-State: AHQUAuaTOwUbSgimTNYR4ElMCYlylkaJerKkm6jyKr9shMLiLMa+C8aS vilSFzQkrHDOiYEyS6OZcYM= X-Google-Smtp-Source: AHgI3IYj+Akuo6MmNfwNqb9p9nVZDtlpKlsEbXltT1sAg85nVj1cp/LqXaRW5nH5FxMhZfjpSZ8vfg== X-Received: by 2002:a05:6830:1649:: with SMTP id h9mr1694709otr.292.1549349335156; Mon, 04 Feb 2019 22:48:55 -0800 (PST) Received: from [192.168.2.5] (adsl-68-19-235-101.bna.bellsouth.net. [68.19.235.101]) by smtp.gmail.com with ESMTPSA id x4sm8585738oix.32.2019.02.04.22.48.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Feb 2019 22:48:54 -0800 (PST) Subject: Re: [gentoo-user] Coming up with a password that is very strong. To: gentoo-user@lists.gentoo.org References: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> <2593531.BapclQZ6Rp@peak> <20190204103703.184d5001@digimed.co.uk> <12204550.2pT58cCFQF@dell_xps> <20190204132157.37cc49bc@digimed.co.uk> From: Dale Openpgp: preference=signencrypt Autocrypt: addr=rdalek1967@gmail.com; prefer-encrypt=mutual; keydata= mQINBFpEtdQBEADI51WaryP3FJlDfmCQx2aPQpSppEKxqWhCTA8KFEcOVFmIIfiFAeekqMMD mhUxgZTtlQh7dsNqha6ioaYDqGKTv7oeJlPJw4hmIMJX3WYVSOHlsJUNM2jpDIAFeEKfup/T zDzFpuU2Qtr/Y0ji35wHyOAZLRckeNk705oRvE9wqi6noTP15Gxmw/U6aMzEfvu+wGEfCjgs 9bERmu+CS75PZEaFAv8RnsXUv1UcvQ45jmk/8ni/ogxE2h53OIp6c/hOlgJkSVRQWPZZyKZw lDiSUKCtMXPMdZ9w0X6RltQxtIQXO0KxAKaAp+tnL8z+0piafF5uW4RIglhT922RXKxxdZyx SjRgtE4V1IPtUcwPAeqVUZw2P1b4pjfPv7tNtMoFsIiY0ZnT+ua4ps6KOUeocRPKAX14mZkL jt/sZM7aIKiwyoteshRgWNNkxh4OiSxGCRUKNQI8M42cRSidvJZ6SGZXM3WpV28RPyF7+0Ba 0stEQwBGNF8uxgytY9rOJ7obmIpEZKx1p3W1O1hadOjBo2110jMDirRXtktMDfBDvVKkOZ06 vLu16uZLb0O52euhl2dMcEI3ZoCAFTKtdwMITIDj1TcMBZar6+bcwOicSFFogOLHQLJZRO5q I5szOIYW7+c0yNqPRLT3Sq7HzDyuyTUjmPZSAcqOwzX8GwUFkwARAQABtBtEYWxlIDxyZGFs ZWsxOTY3QGdtYWlsLmNvbT6JAlQEEwEIAD4WIQSUDVlCt0m0Z/PsCaxgB5lCagHqugUCWkS1 1AIbIwUJCWYBgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBgB5lCagHqurR7D/45/q20 vXdrJGxrkNphotmlBtTpNbVauu5A2NDv3E1Il6yqRBfh4Xw7xFuwhz9DqThuvByU6566vr0z 7oVCK33dxRm4WA7YaogRQZy4VVIbHdrksnh2f702CFllqtn5Y29M2JtXG5jiiL3aZNEhoyP9 eMtzLPGs56yZ3eMkz4U7DEmWCAUr8bbuXW+eq/A0V5djcFdHfmanuDZSxzg+cZTpVOLolS2b pmNsPTSMkJ2MDY2Kfdg3gPhSaawo2agQfgnf9E7vSm7z/rlk8bBUWcPAP/XTN9ndVwOO3x74 EQv/M4EiCTtNpw3yapVZI2NhA1wqW648D7RxIPD8Y3nkJVDS4x5g54xDe1IUFOtVUSDAh+vY wUJt7vgbCeRjyT8XbuGW9RokIos3ALNaPoq/FDNEqefbmop0CPRih6aLFHWT4YBA6xQjLJuP LSNvalNqE5mef0giCtnLxo/lkjnP9Sv+t/5VSHda5zkVuN0+2w46SbGvXIHRkSoSi6XH3ccq KayJC+oTqo4xf9J30c7CV4rEcYnJcnxMw0vcYmU3DwjGfKxuKcLHgPr9mDNWvhteroA5wNWw NzQ72yAj7rsZVUXCxZgiPldSH3SXZJ/Jo6E9JouzQgRb/I4Vy4jx0Yw8rJLDx/ha82fn+FVe cFbiodVV5UD0inw488IAAtJE+Zi0t7kCDQRaRLXUARAA38iHcF7M7GnkS73dazdLBgz2YJsu fpix/N/x4CvoHMqTuwi4ASz1WroYjl3KajeH0DSybyPdEQ7nffxIUt48deT3j/rwsJkPRvCF BpmcwxErd/Mbq0BgikYxXvO68aEAs4jBDR26YtONfjobEfd+Juhxci9UN9vTOCgSPhY+dxHs MZ0gHRzvMnpM3o3+oht/XRZr05RQx83DvTIqWnjDQlCseYYlbFp+rFTZi7ro71ULDThfCE0p +f+IQ3zX0cRKOcJGtNRvyWH6PxmN4td6Q7gPHfAsFPLsCpg7nZwOejtAktPejtSEXlN6QOKv bmRQxNtzgMtjzJNNJW2NtBz0DIW394+9stchQRKLqH8n8GnB6tlkfPg4vgf/kq14QQSZcb0F M36wk+i1Hk+TWYWbOBoUw9+X941Pw1JnglJ3tzpBh+36+pdG02Lbm2v6SaZ69zkDfzJ2Sfhb E+KQLibLkiCOhuSDLDWUgUeb0lJ/0qlo3vcQMTBuG5eiWiwBkp4C+ACb1f1Akq0mFvim+gCJ qJOTu0IDK9DjKLKglA3Z6sbeepnXq8fxB2Mo/SFSYEsGqUu4MLxgwnPg7zi+rKg7MhqdiBBE fqugmNguCEYZjJrGCCzwuqPXAZAcyzEYTGFKwI6NdEZ6v8Xc3om9MJomB3y1uzG6K7T9ue5H aw/2aqEAEQEAAYkCPAQYAQgAJhYhBJQNWUK3SbRn8+wJrGAHmUJqAeq6BQJaRLXUAhsMBQkJ ZgGAAAoJEGAHmUJqAeq6/ykP/ib6xEHednaXvzZvvj854PB5ffBqKkphbf51g6pxPvFBWMwY E7Bu/kq8e3hkp3rzX42BjqiUmfEe2OyfZCabXLybP8i/QRkHTzD5nLoIYLeL+62N/WQFW1NU VhqdfQbMhphNgP1mvG2Ib5R6S+Fb+vkw776oq6jLwUBP/o6PPpp62GyvFvFb9ekxV9+sE4yG V3DTqURBY+aXfc/MTzlCXp4u4QzFW9odfcb/kb9f1m/gZbWGihAqeMd1HViXQoMzTx6IuP13 eQAkKj4FlA2QMzbEOOKO6fliSt1JweJoh0OLCEAM/3q+LaflMvvjhl9ht00IUT/ySj3/dZdf EdTpuUAtnC3A3flwgK/aetkkOhrkx9hx4SKn6UHtAl+eCqP1Mae+nWzkisBL0/hBPEz713md 5I+4Y4QjIokRiz/5l/TFwpGu26zmDfDUkZmxZR/iNCW0VAmZE2YdyRm3PYcFcVXuZ1f/ff0D us9xGsO8V6F5EIwx/9Y6AWQdW7PoKHA21ri93PoRgjv+QoOifXEkhJwTKg5k5b1Tr7h9eRU/ Se2XigPVODjrN9FRfkx/JxlJcCs/igGJS05BmiZNIIRDKBGdXy/Fj5HQB2q5v5DfvrLMNTwK Aa8pn/em1SKC/l9aV9ygpN+cQPKoQjGxPPaId/rwX+GVxKl2vakjHLPLQmm3 Message-ID: <27b20ac6-24e4-d888-f2ed-66f66ca8ee5e@gmail.com> Date: Tue, 5 Feb 2019 00:48:53 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.9.1 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 In-Reply-To: <20190204132157.37cc49bc@digimed.co.uk> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Archives-Salt: 05a7ed40-0e1c-4149-8ba0-ed05494260cd X-Archives-Hash: 88cfd1316088936599546c930941dc74 Neil Bothwick wrote: > On Mon, 04 Feb 2019 11:17:13 +0000, Mick wrote: > >>> https://xkcd.com/936/ >> Not strictly true ... the crackers would probably use rainbow tables >> attacks first. Also, it isn't fair to compare an 11 character passwd >> against a 25 character passwd. For the *same* number of characters >> used in any given passwd, a random lower/upper/numerical/symbol passwd >> will provide an exponentially higher degree of difficulty in cracking >> it with brute force, than one which uses only lower case dictionary >> words. Anyway, these days many attacks are focused on OS or hardware >> vulnerabilities which have been baked in by design, rather than brute >> force attacks. > I'm not sure xkcd is meant to be taken that seriously... > > Sort of picking a random message to reply to here.  Someone sent a reply off list about checking passwords on my system with tools available. They also mentioned not trusting strength meters which I can get since they pass some obvious passwords.  I used three meters and some sort of common sense as well.  I found cracklib-check after some digging.  I used that to try to check my password and get this weird response.  -su: me-supper-secret-password-here;): event not found I'm going to try to emulate my password without actually posting it, for obvious reasons.  You all are smart enough to understand why.  ROFL  It has some of the following 'stuff' in it.  !sdER*ark4567#  As you can tell, I use some of those things on the tops of the number keys.  It seems that confuses cracklib just a bit.  BTW, I was running that as root just to be sure it wasn't a permissions issue.  I tried a few different things but it seems the "!" is triggering that at least, maybe others too.  The command works fine with just normal stuff.  That leads me to this question.  Is there a tool I can use/install that will test a password, try to crack it if you will, that will work regardless of the characters used?  In other words, it doesn't mind the things on top of the number keys.  BTW, I've also whittled it down to something a little easier to type too.  Feel sorry for any poor fool trying to just guess it.  lol  May have better luck with P vs NP.  ;-) Thanks. Dale :-)  :-)