[lug] password generating techniques

Scott Kruger kruger at txcorp.com
Wed Mar 21 09:22:28 MDT 2012



I use the textfile approach but use gpg for security:

encrypt:  gpg -c $file
and decrypt: gpg $file

A little shell script to bring it up in an editor and encrypt
when done would be:

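#!/bin/sh
# Assumes SECUREDIR, passwordfile and EDITOR are set in the environment.
cd "$SECUREDIR" || exit 1
# Decrypt ${passwordfile}.gpg to ${passwordfile} (prompts for the passphrase)
gpg "${passwordfile}.gpg"
if [ -f "${passwordfile}" ]; then
         $EDITOR "${passwordfile}"
         # Re-encrypt; remove the plaintext only if encryption succeeded
         if gpg -c "${passwordfile}"  > /dev/null 2>&1 ; then
                 /bin/rm "${passwordfile}"
         else
                 echo "Problem encrypting.  Try fixing by hand"
         fi
else
         echo "File not decrypted successfully"
fi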


One can then use dropbox or a version control system to
move across platforms and feel pretty safe about it.

Scott
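
A variant of the decrypt/edit/re-encrypt script above, as an added example that is not part of the original post: the plaintext is kept in a private temporary directory outside the synced directory and removed on every exit path, and the existing .gpg file is replaced only after encryption succeeds. The function name edit_encrypted and the GPG variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post). Assumptions: GPG names the gpg
# binary, and the .gpg file was created with "gpg -c" as in the post.
GPG=${GPG:-gpg}

# edit_encrypted FILE.gpg: decrypt to a private temp dir, edit, re-encrypt,
# and replace FILE.gpg only if encryption succeeded.
edit_encrypted() (
    enc=$1
    umask 077                                   # plaintext readable by owner only
    # Prefer RAM-backed storage when available, so the plaintext is never
    # written into the Dropbox / version-controlled directory.
    base=/dev/shm; [ -d "$base" ] && [ -w "$base" ] || base=${TMPDIR:-/tmp}
    work=$(mktemp -d "$base/pwedit.XXXXXX") || exit 1
    trap 'rm -rf "$work"' EXIT                  # cleanup on every exit path
    trap 'exit 1' HUP INT TERM

    "$GPG" --quiet --output "$work/plain" --decrypt "$enc" || {
        echo "File not decrypted successfully" >&2; exit 1; }
    ${EDITOR:-vi} "$work/plain" || exit 1
    "$GPG" --quiet --output "$work/new.gpg" --symmetric "$work/plain" || {
        echo "Problem encrypting; $enc left unchanged" >&2; exit 1; }
    mv -f "$work/new.gpg" "$enc"                # old ciphertext kept until here
    exit $?
)
```

Call it as: edit_encrypted "$SECUREDIR/${passwordfile}.gpg"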




On 3/21/12 9:04 AM, John Vonachen wrote:
> Oh sorry.  I should have read more. How can you remember them?  Don't.
>   Write them down on a text file on your computer and put that text file
> in a secured directory.
>
> On Wed, Mar 21, 2012 at 9:01 AM, John Vonachen <john.vonachen at gmail.com> wrote:
>
>     // random.org uses atmospheric noise to generate random numbers
>
>     // in PHP:
>     // get a new secret code from random.org
>     $curl = curl_init();
>     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
>     curl_setopt($curl, CURLOPT_URL,
>         'http://www.random.org/strings/?num=1&len=10&digits=on&upperalpha=on&loweralpha=on&format=plain&rnd=new');
>     $newSecretCode = curl_exec($curl);
>     curl_close($curl);
>
>     On Wed, Mar 21, 2012 at 8:48 AM, Davide Del Vento <davide.del.vento at gmail.com> wrote:
>
>          > /dev/random?
>
>         Are you serious or are you kidding? (sorry, this sounds like
>         http://en.wikipedia.org/wiki/Poe%27s_law )
>
>         If you are kidding, fine :-D
>
>         If you are serious, you missed the point. The discussion here is how
>         can I *remember* tens if not hundreds of these passwords, not how can
>         I generate them. Since I cannot remember them all, I see the following
>         options:
>
>         1) use weaker passwords, easier to remember
>         2) use a single strong password, shared among all the services I use
>         3) use a (mental) algorithm to generate site-specific passwords from a
>            single strong one
>         4) use a password manager like Kevin suggested
>         5) use something like OPLOP
>         6) write the strong passwords on a piece of paper
>
>         Of course 1) and 2) are bad, you don't need me to tell you why. 3)
>         could be ok, but being "mental" it must be easy and thus it can be
>         easy to crack and it is only security by obscurity. I replied to Kevin
>         with my objections to 4) so I won't repeat myself. It looks like 5) is
>         the best choice, but I had the questions with which I started this
>         thread. Option 6) adds the physical security problem to the computer
>         security problem, and adds the inconvenience of transporting this piece
>         of paper with me all the time in a secure manner.
>
>         Cheers,
>         Davide
>         _______________________________________________
>         Web Page: http://lug.boulder.co.us
>         Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>         Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
>
>
>
>     --
>
>     rDch0FkiKFXdpHLLyDHVsTXVGdBAIHIUbjJG9mlYYCfMWBC0CSilnxRbxASWwc
>
>
>     My final thoughts on Taoism and the philosophy of Wittgenstein:*
>     Beliefs are made of words but the world is not.*
>



