Re: [gentoo-user] Coming up with a password that is very strong.

[Dale <rdalek1967@gmail.com>]

Michael Schwartzkopff wrote:
> Am 05.02.19 um 10:55 schrieb Mick:
>> On Tuesday, 5 February 2019 06:48:53 GMT Dale wrote:
>>
>>> Sort of picking a random message to reply to here.  Someone sent a reply
>>> off list about checking passwords on my system with tools available.
>>> They also mentioned not trusting strength meters which I can get since
>>> they pass some obvious passwords.  I used three meters and some sort of
>>> common sense as well.  I found cracklib-check after some digging.  I
>>> used that to try to check my password and get this weird response. 
>>>
>>> -su: me-supper-secret-password-here;): event not found
>>>
>>> I'm going to try to emulate my password without actually posting it, for
>>> obvious reasons.  You all are smart enough to understand why.  ROFL  It
>>> has some of the following 'stuff' in it.  !sdER*ark4567#  As you can
>>> tell, I use some of those things on the tops of the number keys.  It
>>> seems that confuses cracklib just a bit.  BTW, I was running that as
>>> root just to be sure it wasn't a permissions issue.  I tried a few
>>> different things but it seems the "!" is triggering that at least, maybe
>>> others too.  The command works fine with just normal stuff.
>> Hmm ... I don't get such problem here, when I run cracklib as a plain user:
>>
>> $ cracklib-check
>> password
>> password: it is based on a dictionary word
>> p4ssw0rd
>> p4ssw0rd: it is based on a dictionary word
>> p477w0rd
>> p477w0rd: OK
>> !sdER*ark4567#
>> !sdER*ark4567#: OK
>> helloworld
>> helloworld: OK
>> reallysecurepassword
>> reallysecurepassword: OK
>>
>> LOL!
>>
>> Could it be something to do with your terminal/shell?  I've run the above with 
>> bash in a urxvt terminal.
>>
>>
>>> That leads
>>> me to this question.  Is there a tool I can use/install that will test a
>>> password, try to crack it if you will, that will work regardless of the
>>> characters used?  In other words, it doesn't mind the things on top of
>>> the number keys. 
>>>
>>> BTW, I've also whittled it down to something a little easier to type
>>> too.  Feel sorry for any poor fool trying to just guess it.  lol  May
>>> have better luck with P vs NP.  ;-)
>>>
>>> Thanks.
>>>
>>> Dale
>>>
>>> :-)  :-) 
>> I've used app-crypt/johntheripper in the distant past, but you'll need a good 
>> word list for it to be useful.  Some of the wordlists I had found at the time 
>> were too big to download over dial-up!  :p
>>
> A good password also has to be memorizable. See:
>
> https://xkcd.com/936/
>
>
> Mit freundlichen Grüßen,
>


That's the problem.  I want one really good password that would be
virtually impossible even for someone who knows me to guess.  Doing that
and being able to remember it plus be relatively easy to remember
complicates things a lot.  While at it, I'd like it to be hard to crack
as well.  Even with these password test tools, that is proving to be
hard to know for sure.  I have one that I know would be hard to guess
and I think it would be hard to crack as well but I don't know that last
part for sure, yet anyway. 

Thanks.  It's a work in progress still. 

Dale

:-)  :-)