From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 2D87A138334 for ; Tue, 5 Feb 2019 09:55:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C7EDEE0E31; Tue, 5 Feb 2019 09:55:29 +0000 (UTC) Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 39D4CE0E28 for ; Tue, 5 Feb 2019 09:55:29 +0000 (UTC) Received: by mail-wm1-x332.google.com with SMTP id y185so12104578wmd.1 for ; Tue, 05 Feb 2019 01:55:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:reply-to:subject:date:message-id:in-reply-to:references :mime-version; bh=LXB52YSeKmv3Rp8ldj3JnL2Z5i3OBoznozzAAGoITHQ=; b=n1kwKQwtdhbFEGFiu7RcQXuYG+5+N1BEvdZ5M+CCNPK5wQlbd5JSCCqeHvk0akfO3C wx8mnFB9nhI8ygfEOKK5J5XoB3bqvdPDW4xbWUO1cazcjflMF05VSWjVy1ktWX4cqrrB hj12GgiczEkg50DWN6iq5FNT3xejwBx6xy301dTfXOyTvN+Q6NRRkWZwAiVZSv0PStHS otYc3e3mml0+d/3aDF950blTGtf1dNxvINttCls7TbiLXYlnil4YFdwjGRE7bmny+uqb 4aJc81WYq3FvfFRqjH9sWbMzP/2si5kcekKc0V35PGd5i0apwdSf1cppV1kvt30Emq1j R+iQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:reply-to:subject:date:message-id :in-reply-to:references:mime-version; bh=LXB52YSeKmv3Rp8ldj3JnL2Z5i3OBoznozzAAGoITHQ=; b=UpqWhl+z8zUXHNyiQKf6BNe7oC+a2Ku6HN8hu9qD/a2W/HJuAi7GYy+WvyhwYtMNq6 dM7KU7x6TffgNetDRPHkxTv+6cHFKi4wtHrZI2fuAgvTP5mKDYOgpZwnGA2Tro9imhnX ZSw884W9nhKOzqZzSG8ZcnXntUaiIfKftGx27Fbithu0sZdiLUZbgJn27gm5D70TI+Jv +JPiWEcTinXzbNWWhzAm+sCBH7ypwts9t2RPxXhEex3rBmP9QQv9f4OVzGOab3j9ZN5a fc4aTPfjH353BGiwgYG4vPuvyOJq39EN20ukYbEAAoV2HDGyuGDGurcExr0gpQmhbDUk k66A== X-Gm-Message-State: AHQUAuaRqomd7P6c7/nNWc5K2lhttwr0yugyZy7r1V0WslAo4MFQGiG8 aDaH7MZ1+BtlDChNnG+rC+Uekn+W X-Google-Smtp-Source: AHgI3IbMzG/uuXYZq3jV7rUWiZEaK+h3vO+CnXdNFxLFZ9hXYASx8cCW46kDzpO+wRcN8/67hwW54Q== X-Received: by 2002:a1c:ac42:: with SMTP id v63mr2842872wme.119.1549360527349; Tue, 05 Feb 2019 01:55:27 -0800 (PST) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by smtp.gmail.com with ESMTPSA id c1sm9929277wmb.14.2019.02.05.01.55.25 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 05 Feb 2019 01:55:26 -0800 (PST) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Coming up with a password that is very strong. Date: Tue, 05 Feb 2019 09:55:24 +0000 Message-ID: <4357288.zjPoxG5Os4@dell_xps> In-Reply-To: <27b20ac6-24e4-d888-f2ed-66f66ca8ee5e@gmail.com> References: <8d027455-f210-c399-f5a7-bfb05692cc5f@gmail.com> <20190204132157.37cc49bc@digimed.co.uk> <27b20ac6-24e4-d888-f2ed-66f66ca8ee5e@gmail.com> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart2221690.L6xTMt2bCb"; micalg="pgp-sha256"; protocol="application/pgp-signature" X-Archives-Salt: a132e63b-aa10-4893-aab9-c2ab69223c2f X-Archives-Hash: 779f4a07c0d35c06be17063e7c201088 --nextPart2221690.L6xTMt2bCb Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="UTF-8" On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote: > Sort of picking a random message to reply to here. Someone sent a reply > off list about checking passwords on my system with tools available. > They also mentioned not trusting strength meters which I can get since > they pass some obvious passwords. I used three meters and some sort of > common sense as well. I found cracklib-check after some digging. I > used that to try to check my password and get this weird response. > > -su: me-supper-secret-password-here;): event not found > > I'm going to try to emulate my password without actually posting it, for > obvious reasons. You all are smart enough to understand why. ROFL It > has some of the following 'stuff' in it. !sdER*ark4567# As you can > tell, I use some of those things on the tops of the number keys. It > seems that confuses cracklib just a bit. BTW, I was running that as > root just to be sure it wasn't a permissions issue. I tried a few > different things but it seems the "!" is triggering that at least, maybe > others too. The command works fine with just normal stuff. Hmm ... I don't get such problem here, when I run cracklib as a plain user: $ cracklib-check password password: it is based on a dictionary word p4ssw0rd p4ssw0rd: it is based on a dictionary word p477w0rd p477w0rd: OK !sdER*ark4567# !sdER*ark4567#: OK helloworld helloworld: OK reallysecurepassword reallysecurepassword: OK LOL! Could it be something to do with your terminal/shell? I've run the above with bash in a urxvt terminal. > That leads > me to this question. Is there a tool I can use/install that will test a > password, try to crack it if you will, that will work regardless of the > characters used? In other words, it doesn't mind the things on top of > the number keys. > > BTW, I've also whittled it down to something a little easier to type > too. Feel sorry for any poor fool trying to just guess it. lol May > have better luck with P vs NP. ;-) > > Thanks. > > Dale > > :-) :-) I've used app-crypt/johntheripper in the distant past, but you'll need a good word list for it to be useful. Some of the wordlists I had found at the time were too big to download over dial-up! :p -- Regards, Mick --nextPart2221690.L6xTMt2bCb Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEt7MNaGaS6HvTUrEz6WnU8jC95dcFAlxZXYwACgkQ6WnU8jC9 5df9hg/+OhcRh+X9Ewr0GP9qb+osfZbP+oFLBCvznpE4VdzbbbFQqwLs7C2RmZuw p3Zy5jkaE3KfpEm+GEq1BqfZiK+GYG/N2qRoC76+rY07k/0f61d0N2lP/t6qesa5 DOZxw/QtAtzTsJ03AV/KfEExaeIlRSvN3NxLdaY/UJkPkEBJKeqRYmxiWgmeV9Zs +VPCYCEvtInS9+SxFIgi1zeVb+4YTlKA4AvqpYRKvbpVcNHpiDoTiTYHZu60XQmc PcGU5xFj2/WV5sbnxfvzwLWYOKDUhPl2qVwiGZOBdJZ2a+8hL41kANxhgGXHNWFm Yg+4W8edRml738f38rhmC5/FC5VGeU9hvLYV0JKc946R/OoFpsr137X9wlT9ppxg RKImc4zz9g2rD3dAcGBBoEy9oY/RmL17BQD3s/IhP8aGelb3/mIFNoyJFnsTJ2na BYXup2/SauZ26hCLgVxkQf2B0CFxKF8FLlgJblrpKbl+yJPXRCQ0aG8PimitNUtf 2hpxwXePuB/yDEze5DRqbmTuVqAHEIUKVhmCa9FrXO7wt3XZwaoS5qddwS7iZA9h GrTZCFsNi8x0uKGNd82B+6sduTKHNpUaVTuMOOU5uj/sQwQDHn86LXGBDLvxPYeY YnX4nlkMtCFzZFsxBWZ+KHbpt9EW89KFv2iv7r7S2Y+REE4BBz0= =EF1w -----END PGP SIGNATURE----- --nextPart2221690.L6xTMt2bCb--