Recommended Linux Password Lengths

I follow the xkcd guidelines of password strength <https://xkcd.com/936/>.
On Thu, Jun 2, 2016 at 10:01 AM, Ivan Avery Frey <ivan.avery.frey@gmail.com> wrote:
> What is the recommended Linux password length today?
> --- Talk Mailing List talk@gtalug.org https://gtalug.org/mailman/listinfo/talk
-- Myles Braithwaite | http://mylesb.ca/e

in the same vein uuidgen works quite well.
On 06/02/2016 10:14 AM, Myles Braithwaite wrote:
> I follow the xkcd guidelines of password strength <https://xkcd.com/936/>.
> On Thu, Jun 2, 2016 at 10:01 AM, Ivan Avery Frey <ivan.avery.frey@gmail.com> wrote:
>> What is the recommended Linux password length today?
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On 2 June 2016 at 10:35, Alvin Starr <alvin@netvel.net> wrote:
> in the same vein uuidgen works quite well
uuidgen has the significant demerit of producing passwords that are pointedly difficult to remember, as they truly contain no meaning whatever. That's fine if you're using a password manager (KeePass or such) to manage the values, but it's not so good for those passwords that need to be memorized.
-- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"

A lot of years ago Jan Carlson wrote a user-friendly password generator. It would generate a sequence of characters that sort of looked like a word.
#!/usr/bin/perl
# Character classes to draw from
$vowel = 'aeiouAEIOU';
$cnst = 'bcdfghjklmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ';
$letter = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$digit = '0123456789';
$punt = '-=+;:,.*$';
# Seed Perl's built-in generator (rand is not a cryptographically secure source)
srand;
#print &p($cnst), &p($vowel), &p($cnst), &p($punt),
#      &p($cnst), &p($vowel), &p($cnst), &p($digit), "\n";
# Two consonant-vowel-consonant syllables joined by a punctuation mark, ending in a digit
print &p($cnst), &p($vowel), &p($cnst), &p($punt),
      &p($cnst), &p($vowel), &p($cnst), &p($digit), "\n";
# Return one randomly chosen character from the given string
sub p {
    my($list) = @_;
    substr($list, int(rand(length($list))), 1);
}
On 06/02/2016 12:00 PM, Christopher Browne wrote:
> On 2 June 2016 at 10:35, Alvin Starr <alvin@netvel.net> wrote:
>> in the same vein uuidgen works quite well
> uuidgen has the significant demerit of producing passwords that are pointedly difficult to remember, as they truly contain no meaning whatever.
> That's fine if you're using a password manager (KeePass or such) to manage the values, but it's not so good for those passwords that need to be memorized.
> -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"
A lot of years ago Jan Carlson wrote a user friendly password generator. It would generate a sequence of characters that sort of looked like a word. I have used it a bunch over the years because it generates a random sequence of stuff that is kind of memorable.
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

apg does a passable job of creating a pronounceable password. You can concatenate as many of them as you like.
On 2 Jun 2016 12:13 p.m., "Alvin Starr" <alvin@netvel.net> wrote:
> A lot of years ago Jan Carlson wrote a userfriendly password generator.
> It would generate a sequence of characters that sort of looked like a word.

On 06/02/2016 12:13 PM, Alvin Starr wrote:
> A lot of years ago Jan Carlson wrote a userfriendly password generator.
[snip]
OOPS. top and bottom posted on that last one. Breaking all the rules.
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On 2016-06-02 12:13 PM, Alvin Starr wrote:
> A lot of years ago Jan Carlson wrote a userfriendly password generator.
Yes, that does look like Perl 4 from sometime last century.
If you have to make a password to meet the stupid 8 char requirement you still sometimes see, this (nabbed from cmdlinefu, IIRC) works:
dd if=/dev/urandom count=1 2>/dev/null | base64 | head -1 | cut -c4-11
They're pretty hostile passwords it makes. I mostly use it to make new, instantly-forgotten Amazon/Ebay/$GamingSite passwords for the many, many people who mistakenly think their email address is my gmail address.
Stewart

Jan's version is kind of nicer than just random characters because the result looks somewhat like pronounceable words if you like English. That makes it slightly more memorable than something truly random.
On 06/02/2016 01:04 PM, Stewart C. Russell wrote:
> On 2016-06-02 12:13 PM, Alvin Starr wrote:
>> A lot of years ago Jan Carlson wrote a userfriendly password generator.
> Yes, that does look like Perl 4 from sometime last century.
> If you have to make a password to meet the stupid 8 char requirement you still sometimes see, this (nabbed from cmdlinefu, IIRC) works:
> dd if=/dev/urandom count=1 2>/dev/null | base64 | head -1 | cut -c4-11
> They're pretty hostile passwords it makes. I mostly use it to make new, instantly-forgotten Amazon/Ebay/$GamingSite passwords for the many, many people who mistakenly think their email address is my gmail address.
> Stewart
-- Alvin Starr || voice: (905)513-7688 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||

On Thu, 2 Jun 2016 13:04:15 -0400 "Stewart C. Russell" <scruss@gmail.com> wrote:
> On 2016-06-02 12:13 PM, Alvin Starr wrote:
>> A lot of years ago Jan Carlson wrote a userfriendly password generator.
> Yes, that does look like Perl 4 from sometime last century.
> If you have to make a password to meet the stupid 8 char requirement you still sometimes see, this (nabbed from cmdlinefu, IIRC) works:
> dd if=/dev/urandom count=1 2>/dev/null | base64 | head -1 | cut -c4-11
my favorite is: date | md5sum | head -c8 - it's easy to remember :)
> They're pretty hostile passwords it makes. I mostly use it to make new, instantly-forgotten Amazon/Ebay/$GamingSite passwords for the many, many people who mistakenly think their email address is my gmail address.
bleh, i dislike riding in the short bus, but i require more info to process what you are saying - many, many people make accounts for you at Amazon/Ebay/$GamingSite with your gmail addy and then you go and create passwords?
Andre
> Stewart

On 2 June 2016 at 10:14, Myles Braithwaite <me@mylesbraithwaite.com> wrote:
> I follow the xkcd guidelines of password strength <https://xkcd.com/936/>.
Yep, "correct horse battery staple" is a very good password, and everyone should use that everywhere ;-)
But seriously, I have a GIST for that <https://gist.github.com/cbbrowne/1201859>
root@cbbrowne:/tmp# echo $(grep "^[^'A-Z]\{3,7\}$" /usr/share/dict/words|shuf -n4)
dressed sliders replace padded
root@cbbrowne:/tmp# echo $(grep "^[^'A-Z]\{3,7\}$" /usr/share/dict/words|shuf -n4)
khan tailor con junky
root@cbbrowne:/tmp# echo $(grep "^[^'A-Z]\{3,7\}$" /usr/share/dict/words|shuf -n4)
ritual prince ethics brags
root@cbbrowne:/tmp# echo $(grep "^[^'A-Z]\{3,7\}$" /usr/share/dict/words|shuf -n4)
guava facet rumbas drape
root@cbbrowne:/tmp#
It's common for password policies to include (capitalize something, have a digit, have a non-alphanumeric character); it would be easy to augment with a random digit and a random choice of some special chars. I haven't bothered doing any code for that ;-)
-- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"
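
The augmentation described in the message above (a four-word passphrase plus one capital, one digit and one special character), as an added example that is not from the thread or the linked gist. Assumptions: the word list is a constructed sample built from the words in the quoted terminal output, the filter is restricted to ASCII lowercase letters, the special characters reuse the Perl script's punctuation set, and the 50,000-word size is a hypothetical figure for comparison.

```python
import math
import secrets
import string

# Constructed sample list (words from the terminal output quoted in the thread)
# so the example runs offline; normally read /usr/share/dict/words instead.
SAMPLE_WORDS = ("dressed sliders replace padded khan tailor con junky "
                "ritual prince ethics brags guava facet rumbas drape").split()
SPECIALS = "-=+;:,.*$"  # punctuation set from the Perl script in the thread


def load_words(lines):
    """Keep unique 3-7 letter words; assumption: ASCII lowercase only, which is
    stricter than the thread's grep so that capitalizing always changes a word."""
    words = {line.strip() for line in lines}
    return sorted(w for w in words
                  if 3 <= len(w) <= 7 and w.isascii() and w.isalpha() and w.islower())


def passphrase(words, n=4):
    """Draw n words from the OS CSPRNG (with replacement, unlike `shuf -n4`),
    capitalize one at random, then append a random digit and special char."""
    picked = [secrets.choice(words) for _ in range(n)]
    i = secrets.randbelow(n)
    picked[i] = picked[i].capitalize()
    return " ".join(picked) + secrets.choice(string.digits) + secrets.choice(SPECIALS)


def entropy_bits(word_count, n=4):
    """Entropy when the attacker knows the word list and the scheme: every
    random choice made in passphrase() contributes log2(number of options)."""
    choices = [word_count] * n + [n, len(string.digits), len(SPECIALS)]
    return sum(math.log2(c) for c in choices)


if __name__ == "__main__":
    words = load_words(SAMPLE_WORDS)
    print(passphrase(words))
    # The 16-word sample is far too small for real use; the second size is a
    # hypothetical 50,000-word list shown for comparison.
    for size in (len(words), 50_000):
        print(f"{size} words: {entropy_bits(size):.1f} bits")
```

The capital, digit and special character add only about 8.5 bits between them; nearly all of the strength comes from the size of the word list and the number of words drawn.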
participants (7)
- ac
- Alvin Starr
- Christopher Browne
- Ivan Avery Frey
- Myles Braithwaite
- Stewart C. Russell
- William Witteman