[lug] password generating techniques

John Vonachen john.vonachen at gmail.com
Wed Mar 21 09:04:40 MDT 2012


Oh sorry.  I should have read more. How can you remember them?  Don't.
 Write them down on a text file on your computer and put that text file in
a secured directory.

On Wed, Mar 21, 2012 at 9:01 AM, John Vonachen <john.vonachen at gmail.com>wrote:

> // random.org uses atmospheric noise to generate random numbers
>
> // in PHP:
> // get a new secret code from random.org
> $curl = curl_init();
> curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
> curl_setopt($curl, CURLOPT_URL, '
> http://www.random.org/strings/?num=1&len=10&digits=on&upperalpha=on&loweralpha=on&format=plain&rnd=new'
> );
> $newSecretCode = curl_exec($curl);
> curl_close($curl);
>
> On Wed, Mar 21, 2012 at 8:48 AM, Davide Del Vento <
> davide.del.vento at gmail.com> wrote:
>
>> > /dev/random?
>>
>> Are you serious or are you kidding? (sorry, this sounds like
>> http://en.wikipedia.org/wiki/Poe%27s_law )
>>
>> If you are kidding, fine :-D
>>
>> If you are serious, you missed the point. The discussion here is how
>> can I *remember* tens if not hundreds of these passwords, not how can
>> I generate them. Since I cannot remember them all, I see the following
>> options:
>>
>> 1) use weaker passwords, easier to remember
>> 2) use a single strong password, shared among all the services I use
>> 3) use a (mental) algorithm to generate site-specific passwords from a
>> single strong one
>> 4) use a password manager like Kevin suggested
>> 5) use something like OPLOP
>> 6) write the strong passwords on a piece of paper
>>
>> Of course 1) and 2) are bad, you don't need me to tell you why. 3)
>> could be ok, but being "mental" it must be easy and thus it can be
>> easy to crack and it is only security by obscurity. I replied to Kevin
>> with my objections to 4) so I won't repeat myself. It looks like 5) is
>> the best choice, but I had the questions with which I started this
>> thread. Option 6) adds the physical security problem to the computer
>> security problem, and add the inconvenience of transporting this piece
>> of paper with me at all the time in a secure manner.
>>
>> Cheers,
>> Davide
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
>
>
> --
>
> rDch0FkiKFXdpHLLyDHVsTXVGdBAIHIUbjJG9mlYYCfMWBC0CSilnxRbxASWwc
> My final thoughts on Taoism and the philosophy of Wittgenstein:*
> Beliefs are made of words but the world is not.*
>
> <http://amikosoftware.com/songs/> <http://amikosoftware.com/><http://amikosoftware.com/simplegen/rotturb/><http://www.amikosoftware.com/animate/><http://amikosoftware.com/simplegen/rotturb/><http://amikosoftware.com/simplegen/rotturb/><http://amikosoftware.com/simplegen/giggleSquare/>
>



-- 

rDch0FkiKFXdpHLLyDHVsTXVGdBAIHIUbjJG9mlYYCfMWBC0CSilnxRbxASWwc
My final thoughts on Taoism and the philosophy of Wittgenstein:*
Beliefs are made of words but the world is not.*

<http://amikosoftware.com/songs/>
<http://amikosoftware.com/><http://amikosoftware.com/simplegen/rotturb/><http://www.amikosoftware.com/animate/><http://amikosoftware.com/simplegen/rotturb/><http://amikosoftware.com/simplegen/rotturb/><http://amikosoftware.com/simplegen/giggleSquare/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20120321/875c4e70/attachment.html>


More information about the LUG mailing list