[Slackbuilds-users] apg-2.2.3 automated password generator

Jude DaShiell jdashiel at panix.com
Wed Nov 20 15:34:31 UTC 2019


Your example is insecure.
On Wed, 20 Nov 2019, Erich Ritz via SlackBuilds-users wrote:

> Date: Wed, 20 Nov 2019 09:43:11
> From: Erich Ritz via SlackBuilds-users <slackbuilds-users at slackbuilds.org>
> Reply-To: Erich Ritz <erich.public at protonmail.com>,
>     SlackBuilds.org Users List <slackbuilds-users at slackbuilds.org>
> To: SlackBuilds.org Users List <slackbuilds-users at slackbuilds.org>
> Cc: Erich Ritz <erich.public at protonmail.com>,
>     "peter at peter-dambier.de" <peter at peter-dambier.de>
> Subject: Re: [Slackbuilds-users] apg-2.2.3 automated password generator
>
> ------- Original Message -------
> On Wednesday, November 20, 2019 6:33 AM, Jude DaShiell <jdashiel at panix.com> wrote:
>
> > One improvement that could be done to all of these password generators
> > is to make sure every password starts with a letter and ends with a
> > letter. That makes passwords more difficult by a little to crack. The
> > reason for that is mathematics. Numbers and special symbols have a set
> > size of 42: 32 special symbols and 10 digits. Letters have a set size of
> > 52: all lower-case and upper-case and the underscore. Why the underscore
> > is understood as a letter by some people I don't know; I would have
> > thought that would have been a special symbol.
> >
>
> Your response is completely off-topic, but I feel I have to respond:
>
> Please don't roll your own crypto.
>
> https://crypto.stackexchange.com/questions/70445/what-is-the-origin-of-the-phrase-dont-roll-your-own-crypto
> https://www.schneier.com/blog/archives/2011/04/schneiers_law.html
> http://web.archive.org/web/20030629085904/http://www-106.ibm.com/developerworks/library/s-everything.html
>
> Your assertion is wrong.
>
> Assume a 3-character password and 3 different algorithms:
> 1) Each character is randomly chosen from your numbers/special/letters set (94 total characters)
> 2) 1st and last password character must be letters.
> 3) 1st and last password characters CANNOT be letters (only numbers and special symbols).
>
> Algorithm (1) has 94^3=830,584 possible passwords.  Of those, some will begin and end with letters; some will start with a letter and end with a number/special, some will start with a number/special and end with a letter, and some will both start and end with a number/special.
> Algorithm (2) has 52*94*52=254,176 possible passwords.
> Algorithm (3) has 42*94*42=165,816 possible passwords.
>
> Your rationale compares algorithms (2) and (3) and concludes algorithm (2) is the best.  But, you have completely discounted algorithm (1), which is by far the best algorithm.
>
> In general, adding any restrictions to the password generation decreases entropy.  KeePass (or KeePassXC, can't remember which one) even warns of this when using their built-in password generator.

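The counting argument from the quoted reply, as an added example that is not part of the original thread: it checks the three keyspace sizes by closed form and by brute-force enumeration, and generalises from 3 characters to any length. The function names are illustrative, and the character sets are an assumption: 52 ASCII letters, and 42 non-letters taken as the digits plus Python's `string.punctuation` (which places the underscore among the symbols).

```python
import itertools
import math
import secrets
import string

LETTERS = string.ascii_letters                    # 52 (assumed: no underscore)
NON_LETTERS = string.digits + string.punctuation  # 10 + 32 = 42
ALPHABET = LETTERS + NON_LETTERS                  # 94


def keyspace(length, ends=ALPHABET):
    """Closed form: first/last characters from `ends`, the rest from ALPHABET."""
    if length < 2:
        raise ValueError("length must be at least 2")
    return len(ends) ** 2 * len(ALPHABET) ** (length - 2)


def enumerate_keyspace(length, ends=ALPHABET):
    """Brute-force count of the same set, as a check on the closed form."""
    allowed = set(ends)
    return sum(1 for p in itertools.product(ALPHABET, repeat=length)
               if p[0] in allowed and p[-1] in allowed)


def entropy_bits(length, ends=ALPHABET):
    """Bits of entropy when every password in the keyspace is equally likely."""
    return math.log2(keyspace(length, ends))


def generate(length, ends=ALPHABET):
    """Draw one password uniformly from the keyspace using the OS CSPRNG."""
    if length < 2:
        raise ValueError("length must be at least 2")
    middle = "".join(secrets.choice(ALPHABET) for _ in range(length - 2))
    return secrets.choice(ends) + middle + secrets.choice(ends)


if __name__ == "__main__":
    rules = (("(1) unrestricted", ALPHABET),
             ("(2) letter at both ends", LETTERS),
             ("(3) non-letter at both ends", NON_LETTERS))
    for length in (3, 16):
        for name, ends in rules:
            print(f"len={length:2d} {name:28s} {keyspace(length, ends):.4g} "
                  f"passwords, {entropy_bits(length, ends):6.2f} bits, "
                  f"e.g. {generate(length, ends)}")
```

Because only the two end positions are restricted, rule (2) costs 2·log2(94/52), about 1.7 bits, at every password length.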