[Slackbuilds-users] apg-2.2.3 automated password generator

Peter Dambier peter at peter-dambier.de
Wed Nov 20 18:03:14 UTC 2019


Long story short and without any more flames

apg was originally developed by the NIST to give pronounceable passwords
that can easily be remembered. Most of them begin with a letter and end
with a letter.

From what I have seen apg uses the kernel random and entropy.

From what I have experienced, I get emails from everybody with my
password and name in the subject. Inside they want a lot of money or ...

The only good thing, I used that password only for a single mailing list
and I was warned that this would happen.

Inventing good passwords for each and every mailing list - not a good idea.

Relying on passwords only for security is not a good idea either.

Getting a hiccup whenever you see your name and password in the subject
- it is spam after all.

That is why I think Slackware should have an apg, almost everybody else has.

If the NIST has retracted it, it must be good.

Cheers
Peter



On 11/20/2019 05:49 PM, Matteo Bernardini wrote:
> On Wed 20 Nov 2019 at 17:09 Didier Spaier
> <didier at slint.fr> wrote:
>>
>> Hi Matteo,
>>
>> this cartoon is funny, but hardly accessible by Jude who is blind
>> (he is a Slint user, among other distributions).
>
> sorry, I didn't know it.
>
> BTW, in the html of that page there's a <div id="transcript"> entry
> that I paste below:
>
> ---
>
> ((The comic illustrates the relative strength of passwords assuming
> basic knowledge of the system used to generate them. A set of boxes is
> used to indicate how many bits of entropy a section of the password
> provides. The comic is laid out with 6 panels arranged in a 3x2 grid.
> On each row, the first panel explains the breakdown of a password, the
> second panel shows how long it would take for a computer to guess, and
> the third panel provides an example scene showing someone trying to
> remember the password.))
>
> [[The password "Tr0ub4dor&3" is shown in the centre of the panel. A
> line from each annotation indicates the word section the comment
> applies to.]]
> Uncommon (non-gibberish) base word [[Highlighting the base word - 16
> bits of entropy.]]
> Caps? [[Highlighting the first letter - 1 bit of entropy.]]
> Common Substitutions [[Highlighting the letters 'a' (substituted by
> '4') and both 'o' (the first of which is substituted by '0') - 3 bits
> of entropy.]]
> Punctuation [[Highlighting the symbol appended to the word - 4 bits of
> entropy.]]
> Numeral [[Highlighting the number appended to the word - 3 bits of entropy.]]
> Order unknown [[Highlighting the appended characters - 1 bit of entropy.]]
> (You can add a few more bits to account for the fact that this is only
> one of a few common formats.)
>
> ~28 bits of entropy
> 2^28 = 3 days at 1000 guesses/sec
> (Plausible attack on a weak remote web service. Yes, cracking a stolen
> hash is faster, but it's not what the average user should worry
> about.)
> Difficulty to guess: Easy.
>
> [[A person stands scratching their head trying to remember the password.]]
> Person: Was it trombone? No, Troubador. And one of the Os was a zero?
> Person: And there was some symbol...
> Difficulty to remember: Hard.
>
> [[The passphrase "correct horse battery staple" is shown in the centre
> of the panel.]]
> Four random common words {{Each word has 11 bits of entropy.}}
>
> ~44 bits of entropy.
> 2^44 = 550 years at 1000 guesses/sec
> Difficulty to guess: Hard.
>
> [[A person is thinking, in their thought bubble a horse is standing to
> one side talking to an off-screen observer. An arrow points to a
> staple attached to the side of a battery.]]
> Horse: That's a battery staple.
> Observer: Correct!
> Difficulty to remember: You've already memorized it
>
> ((The caption below the comic reads: Through 20 years of effort,
> we've successfully trained everyone to use passwords that are hard
> for humans to remember, but easy for computers to guess.))
>
> {{Title text: To anyone who understands information theory and
> security and is in an infuriating argument with someone who does not
> (possibly involving mixed case), I sincerely apologize.}}
>
> ---

--
Peter and Karin Dambier
Adalbert-Stifter-Strasse 17
D-69509 Moerlenbach
+49(6209)280-3030 (VoIP: GGEW)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de

