frustrate shouldservers

Eric Oyen eric.oyen at
Sat Feb 4 01:38:43 UTC 2017

Here is another one for you. There is another utility called "jive". Take your original passphrase, run it through that, and then use that to generate a hash. Good luck guessing that one. :)

from the central office of the Technomage Guild

On Feb 3, 2017, at 10:25 AM, Janina Sajka wrote:

> This has been a very good thread.
> I have one additional suggestion which is to add something you
> personally know, but that could not be guessed very easily, nor exposed
> by a dictionary attack.
> I find alternative, non standard phonetic spellings helpful this way.
> Even better are obscure, obsolete spellings of place names, people,
> objects, or concepts, particularly
> if the source language isn't English.
> On its own this strategy is insufficient, of course. But two or three
> such terms, plus the hashing described below, builds up a good password,
> imo.
> Of course, it's also important to employ available technology to thwart
> scripted attacks, e.g. with applications like denyhosts or fail2ban.
> Also, if you don't need to be open to access from the general public,
> move to IPv6 and shut down as much IPv4 access as possible. Anyone who
> has external access to any of my machines understands they need to come
> in via IPv6, because I'm not listening for connections on IPv4.
> Obviously, that doesn't work for mail or web traffic, but it's really
> helpful for sshd.
> PS: If we've not mentioned it, the pwgen command has many useful
> options.
> Janina
> Tim Chase writes:
>> I've used a technique that's come to be known as "password
>> haystacks" (see link below) which involves simply padding your
>> good (or even written shoulder-surfable) password out to a reasonable
>> length to make the brute-force cracking all the more complex.
>> So say my password is "correct horse battery staple".  I might take
>> that and then add 8 periods at the end. Or 10 ampersands.  Or
>> alternate dash-equals-dash-equals as many times as you want. Or
>> whatever secret character or characters you want and however many of
>> them you want.  It's also particularly handy if you have to change
>> your password on a regular basis (I usually just change the haystack
>> characters).
>> Alternatively, if you use a GUI and "keepassx" is accessible in your
>> screen-reader, it allows you to generate strong passwords, keep them
>> safe behind one master password, keep them hidden from
>> shoulder-surfing eyes, and will auto-type them into the last window
>> you were in.  This is the solution I use for most passwords (except
>> my master passwords, for which I use the haystack method).
>> -tim
>> _______________________________________________
>> Blinux-list mailing list
>> Blinux-list at
> -- 
> Janina Sajka,	Phone:	+1.443.300.2200
> 			sip:janina at
> 		Email:	janina at
> Linux Foundation Fellow
> Executive Chair, Accessibility Workgroup:
> The World Wide Web Consortium (W3C), Web Accessibility Initiative (WAI)
> Chair, Accessible Platform Architectures
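
An added example, not part of the original thread: a Python estimate of how the padding Tim Chase describes changes the size of a blind exhaustive search, using his "correct horse battery staple" plus 8 periods. The character-class sizes and all function names are assumptions of this sketch, and it models only exhaustive search over the classes present, not dictionary or pattern-aware guessing.

```python
import math
import string

# Assumed character classes an exhaustive search has to cover (printable ASCII).
CLASSES = {
    "lower": set(string.ascii_lowercase),        # 26 characters
    "upper": set(string.ascii_uppercase),        # 26 characters
    "digit": set(string.digits),                 # 10 characters
    "symbol": set(string.punctuation + " "),     # 32 punctuation marks + space
}


def alphabet_size(password):
    """Sum the sizes of every character class that appears in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password):
    """Candidates tried when enumerating every string of length 1..len(password)."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def bits(password):
    """Search space expressed in bits (log2 of the candidate count)."""
    return math.log2(search_space(password))


def padding_gain(base, padding):
    """How many times larger the search becomes once the padding is appended."""
    return search_space(base + padding) // search_space(base)


if __name__ == "__main__":
    base = "correct horse battery staple"   # example passphrase from the thread
    for pad in ("", "." * 8, "&" * 10, "-=" * 6):
        pw = base + pad
        print(f"len={len(pw):2d} alphabet={alphabet_size(pw):2d} "
              f"bits={bits(pw):6.1f} gain=x{padding_gain(base, pad):.3g}")
    # Padding a short lowercase word also pulls in the symbol class.
    print(alphabet_size("horse"), alphabet_size("horse" + "&" * 10))
```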