P("of entropy, choosing words from the first entries in\n")
Pwgen usage password#
P("Generates a password of nwords words, each with nbits bits\n") ("%r contains only %d words, not %d.\n" %ĭisplay_password(generate_password(nwords, wordlist), nwords, nbits) #!/usr/bin/pythonįilename = os.path.join(os.environ, 'devel', 'wordlist') Other possible countermeasures include using Emacs shell-mode, which prompts you locally for the password when it recognizes a password prompt and then sends the whole password at once, and copying and pasting the password from somewhere else.Īs you'd expect, this password also takes a little while longer to type: about 6 seconds instead of about 3 seconds. Additionally, the lower length of the 9-character password inherently gives the Herbivore approach much less information to chew on. My countermeasure to the Herbivore attack, which works well with 9-character password but is extremely annoying with my new password, is to type the password with a half-second delay between characters, so that the timing channel does not carry much information about the actual characters used. However, there is still a problem: because there are many fewer bits of entropy per character (about 1.7 instead of 6.6) there is a lot of redundancy in the password, and so attacks such as the ssh timing-channel attack (the Song, Wagner, and Tian Herbivore attack, which I learned about from Bram Cohen in the Bagdad Café in the wee hours one morning, years ago) and keyboard audio recording attacks have a much better chance of capturing enough information to make the password attackable. Munroe's assertion that these passwords are much easier to memorize is correct. I've started using a password generated this way in place of a 9-printable- ASCII-character random password, which is equally strong. That GPU costs about US$1.45 per day to run in 2011, so cracking the password would cost about US$3e+09.
Pwgen usage crack#
The most common password-hashing algorithm these days is FreeBSD’s iterated MD5 cracking such a hash would take 5.2e+06 CPU-years.īut a modern GPU can crack about 250 times as fast, so that same iterated MD5 would fall in 2e+04 GPU-years.
Pwgen usage Offline#
That password would take 2.5e+03 CPU-years to crack on my inexpensive Celeron E1200 from 2008, assuming an offline attack on a MS-Cache hash, which is the worst password hashing algorithm in common use, slightly worse than even simple MD5. mkpass.py 5 12 Your password is "learned damage saved residential stages". Kragen at inexorable:~/devel/inexorable-misc$. Generate a random, memorizable password: Just two days ago, Kragen Javier Sitaker posted a program to do this at (gone now - try ) This is not ultimately strong in all cases, but already very strong (it could be defeated with a budget which will be counted in months and billions of dollars, not mere millions). Thus, with 13 characters, you get 78 bits of entropy. With an alphabet of length 64, you get 6 bits of entropy per character (because 2 6 = 64). Then, for each password character, get one byte from os.urandom(), reduce the value modulo 64 (this is unbiased because 64 divides 256) and use the result as index in your chars array. letters (uppercase and lowercase), digits, and two extra punctuation characters (such as '+' and '/'). To make things simple: choose an alphabet of length 64, e.g.
You should work with os.urandom() all along. Then you use it as seed in random, which is less good: that one is a non-cryptographic PRNG, and its output may exhibit some structure which will not register in a statistical measurement tool, but might be exploited by an intelligent attacker. For any practical purpose (even cryptography), the output of os.urandom() is indistinguishable from true alea. You use Python's os.urandom(): that's good. If the password is not meant to be remembered by a human being, then it is not really a password. The difficult thing with passwords is to make them strong enough and still be able to remember them.
0 kommentar(er)
