| View previous topic :: View next topic |
| Author |
Message |
one_red_eye
n00b
Joined: 21 May 2005
Posts: 42
Location: North Dakota
|
 Posted: Fri Jul 08, 2022 7:37 pm Post subject: 'passwd' password generator |
 |
|
I like using the passwords generated by 'passwd'. Is there a way to use this mechanism to generate passwords without having to SSH into a linux machine?
| Code: | You can now choose the new password or passphrase.
A valid password should be a mix of upper and lower case letters, digits, andother characters. You can use a password containing at least 7 characters
from all of these classes, or a password containing at least 8 characters
from just 3 of these 4 classes.
An upper case letter that begins the password and a digit that ends it do notcount towards the number of character classes used.
A passphrase should be of at least 3 words, 11 to 72 characters long, and
contain enough different characters.
Alternatively, if no one else can see your terminal now, you can pick this asyour password: "Gun6urge5isaac".
Enter new password: |
_________________
"99% of the people in this world are fools, and the rest of us are in great danger of contagion." |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3958
|
| Posted: Fri Jul 08, 2022 9:38 pm Post subject: |
|
|
Hi
Should work in powershell also.
Maybe mac.
_________________
 |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23193
|
| Posted: Fri Jul 08, 2022 9:46 pm Post subject: Re: 'passwd' password generator |
|
|
| one_red_eye wrote: | | I like using the passwords generated by 'passwd'. Is there a way to use this mechanism to generate passwords without having to SSH into a linux machine? |
You can use this when logged in locally, too. There is no need to ssh to a remote machine to run this command. Do you mean you are using some non-Linux system which lacks this command, and you want to run the command anyway? |
|
| Back to top |
|
|
one_red_eye
n00b
Joined: 21 May 2005
Posts: 42
Location: North Dakota
|
| Posted: Fri Jul 08, 2022 10:05 pm Post subject: |
|
|
I use an Android device to SSH to a computer. There is no end to password generator websites and apps. I want to generate passwords based on the pattern above because I can actually remember them.
{word} {number or special character} {word} {number or special character} {word}
_________________
"99% of the people in this world are fools, and the rest of us are in great danger of contagion." |
|
| Back to top |
|
|
Zucca
Moderator
Joined: 14 Jun 2007
Posts: 3968
Location: Rasi, Finland
|
| Posted: Sun Jul 10, 2022 6:30 am Post subject: |
|
|
That shouldn't be too hard to script.
You need to have some dictionary file to parse and the hardest part is done.
_________________
..: Zucca :..
| My gentoo installs: | init=/sbin/openrc-init
-systemd -logind -elogind seatd |
| Quote: | | I am NaN! I am a man! |
|
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20589
|
| Posted: Sun Jul 10, 2022 3:46 pm Post subject: |
|
|
Dealing with special characters can cause some issues with output, but maybe that's my limitation.
Anyway, a basic start from which you can choose your own special characters: shuf -n 3 /usr/share/dict/words
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23193
|
| Posted: Sun Jul 10, 2022 3:53 pm Post subject: |
|
|
The requirements still seem strange to me. You want to use neither a website nor an Android app, and you want to do this from an Android smartphone, so you don't have access to a proper Linux environment where you could just run passwd. Given those constraints, what can you run that could produce any output, while being local, not a website, and not an Android app?
If we set that aside and say you just need a Linux script, then this should do it: | generate-dictionary-password.bash: | #!/bin/bash
set -eu
declare -a w n
w=( $( shuf -n3 /usr/share/dict/words ) )
n=( $( shuf -n2 -e \! \" \# \$ \% \& \' \( \) \* \+ \, \- \. \/ \: \; \< \= \> \? \@ \[ \\ \] \^ \_ \` \{ \| \} \~ ) )
printf '%s%s%s%s%s\n' "${w[0]}" "${n[0]}" "${w[1]}" "${n[1]}" "${w[2]}" |
The most time consuming part turned out to be getting the special characters, because I wanted bash to generate those from a brace expansion. Once I gave up and listed them out, the rest was easy. |
|
| Back to top |
|
|
spica
Guru
Joined: 04 Jun 2021
Posts: 350
|
| Posted: Sun Jul 10, 2022 4:10 pm Post subject: Re: 'passwd' password generator |
|
|
| one_red_eye wrote: | | I like using the passwords generated by 'passwd'. Is there a way to use this mechanism to generate passwords without having to SSH into a linux machine? |
app-admin/pwgen
| Code: | $ pwgen -c -n -s -y 32
zhGTcx900.`CmSY12P=O8gtZSH=Uo&JL `0.K]Zt6k{gh2J^l"Lx$yv7f"4HPdy^P
e8RJ<)7=2[fCu`2[`G!lsis^{s@j1:tg nz;PW6ZXQKs>3V#>S)x*~z@ob=Oije9>
di0>>#OmPivnQ3ru#P./Fe%Mv?uE!JBZ $Nwv:e$C2$;m!KWw4MAletHkKBj0_F;;
Q'u[`=2Ev"J|)x:fx4KXF]K9LUD[+!S| |Xg_|\:m[g,G7x1zSlO<OH")8C>cHl}I
!$ChDY_'%+Jp@/IGV*75;E{58:%azWJY .fS8ss6o5G+^v_QRVq}7}\$V]g'D;V?1
GcgV;6A./yMy^y3[h#||5BF\a~[lsXvl *R_@gNL,g=y7Nz0AX?q*6jF4U22/Gtg`
|
Upd: man 1 pwgen - generate pronounceable passwords | Quote: | | The pwgen program generates passwords which are designed to be easily memorized by humans |
| Code: | $ pwgen 12
soaShoh1fae0 thuTo0xae7Ki uMo4iac1meid IePhais2voph gu2chaigoCah aiK5eixieY6u
oox9ooB9Wei6 shaeHoon7zah oi3Ahfo9zore eg9ahPhaesee EiGhae8om3ie aoyoh8eeKo5u
Dee7Fah0Mooh ongaebohVo3o fie1chohShi6 hee1eecei5Sh ceiXu8ooqu3l la1eiSh3ahng
aif4eiZ2xae3 veiToh2dohz0 Iehagoe5eigu loo2ahgaiw1S tohLeaX9aihu ong5eYu9Eing |
Last edited by spica on Thu Jul 14, 2022 11:03 am; edited 1 time in total |
|
| Back to top |
|
|
one_red_eye
n00b
Joined: 21 May 2005
Posts: 42
Location: North Dakota
|
| Posted: Sun Jul 10, 2022 4:21 pm Post subject: |
|
|
| Hu wrote: | The requirements still seem strange to me. You want to use neither a website nor an Android app, and you want to do this from an Android smartphone, so you don't have access to a proper Linux environment where you could just run passwd. Given those constraints, what can you run that could produce any output, while being local, not a website, and not an Android app?
If we set that aside and say you just need a Linux script, then this should do it: | generate-dictionary-password.bash: | #!/bin/bash
set -eu
declare -a w n
w=( $( shuf -n3 /usr/share/dict/words ) )
n=( $( shuf -n2 -e \! \" \# \$ \% \& \' \( \) \* \+ \, \- \. \/ \: \; \< \= \> \? \@ \[ \\ \] \^ \_ \` \{ \| \} \~ ) )
printf '%s%s%s%s%s\n' "${w[0]}" "${n[0]}" "${w[1]}" "${n[1]}" "${w[2]}" |
The most time consuming part turned out to be getting the special characters, because I wanted bash to generate those from a brace expansion. Once I gave up and listed them out, the rest was easy. |
That's awesome! One question, how do I randomly capitalize the first letter of the words before it goes to output?
_________________
"99% of the people in this world are fools, and the rest of us are in great danger of contagion." |
|
| Back to top |
|
|
pjp
Administrator
Joined: 16 Apr 2002
Posts: 20589
|
| Posted: Sun Jul 10, 2022 4:26 pm Post subject: |
|
|
| Hu wrote: | | Once I gave up and listed them out, the rest was easy. |
Interesting. I didn't think I had useful results with shuf's -e option. The only reference I see in my history seems to have worked, so I too must have wanted to avoid listing them all out. Which I ended up doing a different way (that didn't work), so I must have forgotten about -e. Avoiding arrays adds some extra stimulation.
_________________
Quis separabit? Quo animo? |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23193
|
| Posted: Sun Jul 10, 2022 4:57 pm Post subject: |
|
|
| one_red_eye wrote: | | That's awesome! One question, how do I randomly capitalize the first letter of the words before it goes to output? |
The randomness comes from shuf, and shuf does not seem to offer that. However, you could fake it by having bash transform the results before printing. If you wanted to always capitalize a word, use "${w[0]^}". To do it randomly, you would need bash to flip it. | Code: | #!/bin/bash
set -efu
declare -a w n
w=( $( shuf -n3 /usr/share/dict/words ) )
n=( $( shuf -n2 -e \! \" \# \$ \% \& \' \( \) \* \+ \, \- \. \/ \: \; \< \= \> \? \@ \[ \\ \] \^ \_ \` \{ \| \} \~ ) )
for i in {0..2}; do
if [[ $(( $RANDOM % 2 )) = 0 ]]; then
w[$i]="${w[$i]^}"
fi
done
printf '%s%s%s%s%s\n' "${w[0]}" "${n[0]}" "${w[1]}" "${n[1]}" "${w[2]}" |
This also fixes a bug in the earlier version that allowed * to expand as a file glob. |
|
| Back to top |
|
|
figueroa
Advocate
Joined: 14 Aug 2005
Posts: 3008
Location: Edge of marsh USA
|
| Posted: Thu Jul 14, 2022 4:26 am Post subject: |
|
|
BTW, sha1pass generates a pretty good password, but you definitely won't remember it. sha1pass comes from sys-boot/syslinux.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
| Back to top |
|
|
forrestfunk81
Guru
Joined: 07 Feb 2006
Posts: 567
Location: münchen.de
|
| Posted: Tue Jul 19, 2022 12:19 pm Post subject: |
|
|
Use Keepass.
Its available for Linux (KeepassXC) and Android (Keepass2), it can generate passwords in many configurable ways and helps you remember your passwords. Just share the encrypted kdbx file via Nextcloud or something similiar between your devices.
_________________
# cd /pub/
# more beer |
|
| Back to top |
|
|
figueroa
Advocate
Joined: 14 Aug 2005
Posts: 3008
Location: Edge of marsh USA
|
| Posted: Tue Jul 19, 2022 3:27 pm Post subject: |
|
|
My encrypted passwords and other secrets file is NOT going to be placed on any company's storage on the internet.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
| Back to top |
|
|
forrestfunk81
Guru
Joined: 07 Feb 2006
Posts: 567
Location: münchen.de
|
| Posted: Tue Jul 19, 2022 5:15 pm Post subject: |
|
|
| figueroa wrote: | | My encrypted passwords and other secrets file is NOT going to be placed on any company's storage on the internet. |
Mine neither! You can host NextCloud or similiar file exchange services by yourself
_________________
# cd /pub/
# more beer |
|
| Back to top |
|
|
figueroa
Advocate
Joined: 14 Aug 2005
Posts: 3008
Location: Edge of marsh USA
|
| Posted: Tue Jul 19, 2022 5:30 pm Post subject: |
|
|
| forrestfunk81 wrote: | | figueroa wrote: | | My encrypted passwords and other secrets file is NOT going to be placed on any company's storage on the internet. |
Mine neither! You can host NextCloud or similiar file exchange services by yourself |
Within my network(s) I just use SFTP and NFS. I only use common Unix/Linux software in order to not be dependent on ever changing 3rd party applications. I am, admittedly, old-school and lightly paranoid.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/23.0/split-usr/desktop (stable), OpenRC, -systemd -pulseaudio -uefi |
|
| Back to top |
|
|
spica
Guru
Joined: 04 Jun 2021
Posts: 350
|
| Posted: Fri Nov 03, 2023 5:07 pm Post subject: |
|
|
| These fancy passwords are generated by a code from sys-auth/passwdqc, see man 1 pwqgen |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9932
Location: almost Mile High in the USA
|
| Posted: Fri Nov 03, 2023 11:50 pm Post subject: |
|
|
Again going to the password strength meter one liner:
| Code: | | $ echo $(egrep '^[a-z]{4,7}$' /usr/share/dict/words|shuf -n4)|tr -d ' ' |
I chose to remove the words with too many or too few characters, words with apostrophes, hyphens, or capitalization, and I think this should still be be in the spirit.
Removing the spaces is optional of course.
I just wonder how long it would take the above script to generate correcthorsebatterystaple....
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23193
|
| Posted: Sat Nov 04, 2023 12:52 am Post subject: |
|
|
I see ~48k words that match your filter[1]. I think this is an N-choose-R problem. Since we care about order, the probability of hitting the right choice on any given try is ~.00000000000000000018 (1 / (48458 * 48457 * 48456 * 48455)).
You could avoid the use of tr with a careful printf: printf '%s%s%s%s\n' $(grep -E '^[a-z]{4,7}$' /usr/share/dict/words|shuf -n4). If you want it to work regardless of the shuffle count, you could use { printf '%s' $(grep -E '^[a-z]{4,7}$' /usr/share/dict/words|shuf -n4); echo; } This relies on printf to discard the whitespace (newlines), then uses a bare echo to emit a newline at the end.
[1]: | Code: | )$ grep -E '^[a-z]{4,7}$' /usr/share/dict/words -c
48458 |
|
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9932
Location: almost Mile High in the USA
|
| Posted: Sat Nov 04, 2023 2:52 am Post subject: |
|
|
These no-numbers xkcd password generators, one could salt them by just appending or prepending your birthday or year and would make it even worse to guess, no real need to intersperse the digits. Jury's still out on spaces or not. Either way to take advantage of it, one would have to know you did omit them or not, and that's another bit of entropy!
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
flexibeast
Guru
Joined: 04 Apr 2022
Posts: 488
Location: Naarm/Melbourne, Australia
|
| Posted: Sat Nov 04, 2023 6:28 am Post subject: |
|
|
| (As an aside, to get a Linux environment on one's Android device, without root, there's Termux.) |
|
| Back to top |
|
|
Leonardo.b
Guru
Joined: 10 Oct 2020
Posts: 308
|
| Posted: Sun Nov 05, 2023 6:32 pm Post subject: |
|
|
I always try to genetate strong passwords and keep them safe, even for crappy sites.
Then I've tried to open a bank account, and the last step of onboarding requested me a password of MAXIMUM lenght 6 chars, no symbols allowed. |
|
| Back to top |
|
|
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9932
Location: almost Mile High in the USA
|
| Posted: Sun Nov 05, 2023 7:17 pm Post subject: |
|
|
technically speaking your account username for banks is a kind of password since there's no real need to share that information (unless you use it on other sites, which is also a "bad idea"). So a bit of entropy is there too to prevent hacking as long as account lists don't get disclosed...
Granted a stored hash of a password is more secure than plaintext account names.
This doesn't apply for un*x account names as it's typically shared for email or ls -l ...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
Leonardo.b
Guru
Joined: 10 Oct 2020
Posts: 308
|
| Posted: Tue Nov 07, 2023 11:56 am Post subject: |
|
|
Said bank relies on phone authentication by SMS, password is in top of that. But I don't consider it safe enough for my moneys.
By the way, I know they store passwords in plain text too. |
|
| Back to top |
|
|
|
Gentoo Chat
