To: gentoo-user@lists.gentoo.org
From: Nikos Chantziaras
Subject: [gentoo-user] Re: Coming up with a password that is very strong.
Date: Mon, 4 Feb 2019 13:10:54 +0200

On 04/02/2019 07:47, Dale wrote:
> How do you, especially those who admin systems that are always being
> hacked at, generate strong passwords that meet the above?  I've googled
> and found some ideas but if I use the same method, well, how many others
> are using that same method, if you know what I mean.  ;-)  Just looking
> for ideas.

I don't use a password manager. For website logins, I just use the password manager in the browser (Firefox), which does not use a master password :-P I just assume my own system is not going to be compromised.

For the websites I use, I generate a unique password per site using this command:

  $ pwmake 128

This generates a password using 128 bits of entropy from /dev/urandom. You need dev-libs/libpwquality installed (it's a dep of something important, I think, so should be installed on most systems already.)

For remote systems I administer through SSH, I don't use passwords. I use a public/private key pair to log in (4096 bits.) My private key is protected with a strong password though, but it's easy to remember since it doesn't need to change. Something like:

  ilp&mac4d@4*r

Which is short for:

  I like pizza and macaroni for dinner at four star restaurants.
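
An added example, not part of the original message and not pwmake's own algorithm: how a target such as 128 bits of entropy translates into password length when every character is drawn uniformly from the OS CSPRNG (Python's `secrets` module, which reads the same kernel generator that backs /dev/urandom on Linux). The 94-character printable-ASCII alphabet and all function names are assumptions made for this illustration.

```python
import math
import secrets
import string

# Assumed alphabet: the 94 printable ASCII characters (no space).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def chars_needed(bits: int, alphabet_size: int) -> int:
    """Smallest length whose uniform-random space holds at least `bits` bits."""
    if bits <= 0 or alphabet_size < 2:
        raise ValueError("bits must be positive and alphabet needs >= 2 symbols")
    # Integer arithmetic avoids float rounding at exact powers of two.
    length = 1
    while alphabet_size ** length < 2 ** bits:
        length += 1
    return length


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound: entropy if every character were chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def make_password(bits: int = 128, alphabet: str = ALPHABET) -> str:
    """Draw each character independently from the OS CSPRNG."""
    symbols = sorted(set(alphabet))  # duplicate symbols would skew the distribution
    n = chars_needed(bits, len(symbols))
    return "".join(secrets.choice(symbols) for _ in range(n))


if __name__ == "__main__":
    pw = make_password(128)
    print(pw, len(pw), round(max_entropy_bits(len(pw), len(ALPHABET)), 1))
```

The per-character bound only holds for characters picked uniformly at random; a string derived from a sentence or pattern carries less than `max_entropy_bits` reports for its length.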