frustrate shouldservers

Eric Oyen eric.oyen at
Sat Feb 4 01:49:49 UTC 2017

hmmm. I wonder if that python script will work on my OS X lion macbook here. could make for an interesting test.

from the central office of the Technomage Guild

On Feb 3, 2017, at 1:39 PM, Tim Chase wrote:

> If you want a password generator that can produce fairly strong
> "XKCD" passwords, I created one a while back
> It's a single Python file that lets you choose how many words you
> want, the min/max length of those words, how many passwords to
> generate, which dictionary you want to use (I occasionally point it
> at the "upgoer five" dictionary for less obscure words), as well as
> generation of statistics on how long it would take to brute-force the
> password.  So it lets me do things like
> # generate 5 passwords
> -c 5
> # generate 8 5-word passwords
> # where the words are 3-10 characters long
> -c 8 -n 5 --min=3 --max=10
> # use my local upgoer_five dictionary
> -d /usr/share/dict/upgoer_five
> # show stats on how long it would take to crack
> # any of these 8 passwords if a system can try
> # 10000000 passwords every second
> -c 8 -g 10000000 -v
> There's also optional functionality for skipping words from a
> word-list (optionally ROT-13 encoded) in case you don't want it to
> generate profane words.
> I like the output because not only is it much easier to type, but it's
> much easier to convey over the phone "your password is 'sick book mine
> shadow knock'" as opposed to "your password is 'capital Juliet,
> lowercase Whiskey, lowercase Bravo, ampersand, the number three,
> capital Delta, equals-sign, ...'"
> Have fun with it! (grins)
> -tim
> On February  3, 2017, Janina Sajka wrote:
>> This has been a very good thread.
>> I have one additional suggestion which is to add something you
>> personally know, but that could not be guessed very easily, nor
>> exposed by a dictionary attack.
>> I find alternative, non standard phonetic spellings helpful this
>> way. Even better are obscure, obsolete spellings of place names,
>> people, objects, or concepts, particularly
>> if the source language isn't English.
>> On its own this strategy is insufficient, of course. But two or
>> three such terms, plus the hashing described below, builds up a
>> good password, imo.
>> Of course, it's also important to employ available technology to
>> thwart scripted attacks, e.g. with applications like denyhosts or
>> fail2ban. Also, if you don't need to be open to access from the
>> general public, move to IPv6 and shutdwon as much IPv4 access as
>> possible. Anyone who has external access to any of my machines
>> understands they need to come in via IPv6, because I'm not
>> listening for connections on IPv4. Obviously, that doesn't work for
>> mail or web traffic, but it's really helpful for sshd.
>> PS: If we've not mentioned it, the pwgen command has many useful
>> options.
>> Janina
>> Tim Chase writes:
>>> I've used a technique that's come to be known as "password
>>> haystacks" (see link below) which involves simply padding your
>>> good (or even written shoulder-surfable) password out to a
>>> reasonable length to make the brute-force cracking all the more
>>> complex.
>>> So say my password is "correct horse battery staple".  I might
>>> take that and then add 8 periods at the end. Or 10 ampersands.  Or
>>> alternate dash-equals-dash-equals as many times as you want. Or
>>> whatever secret character or characters you want and however many
>>> of them you want.  It's also particularly handy if you have to
>>> change your password on a regular basis (I usually just change
>>> the haystack characters).
>>> Alternatively, if you use a GUI and "keepassx" is accessible in
>>> your screen-reader, it allows you to generate strong passwords,
>>> keep them safe behind one master password, keep them hidden from
>>> shoulder-surfing eyes, and will auto-type them into the last
>>> window you were in.  This is the solution I use for most
>>> passwords (except my master passwords, for which I use the
>>> haystack method).
>>> -tim
>>> _______________________________________________
>>> Blinux-list mailing list
>>> Blinux-list at
>> -- 
>> Janina Sajka,	Phone:	+1.443.300.2200
>> 			sip:janina at
>> 		Email:	janina at
>> Linux Foundation Fellow
>> Executive Chair, Accessibility Workgroup:
>> The World Wide Web Consortium (W3C), Web Accessibility Initiative
>> (WAI) Chair, Accessible Platform Architectures
>> _______________________________________________
>> Blinux-list mailing list
>> Blinux-list at
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at

More information about the Blinux-list mailing list