[ale] evernote security breach

John Pilman jcpilman at gmail.com
Mon Mar 4 15:00:28 EST 2013


Here is something I borrowed from Christopher Night. I don't know how to
link to it directly since it was posted on Google+.
"""
To generate 10 good passwords on Linux:

tr -cd a-z < /dev/urandom | fold -b8 | head

This chooses 8 lowercase letters at random. Some password systems will tell
you these passwords are weak because they're short and don't contain
numbers, capitals, or punctuation, but the fact that they're generated by a
computer rather than by a human more than makes up for this fact. These
8-letter passwords have 38 bits of entropy, which NIST estimates to be as
strong as a user-chosen password (that includes numbers, capitals, and
punctuation) of 22 characters. This should be enough for just about anyone.

If you need extremely high-entropy passwords for something, you can change
"a-z" to a bigger selection of characters and/or increase the length of the
password:

tr -cd '[:print:]' < /dev/urandom | fold -b14 | head

These 14-character passwords have 92 bits of entropy, which according to
the NIST estimate is the same as a user-generated password of 76 characters.
"""

...John



On Mon, Mar 4, 2013 at 1:33 PM, Richard Bronosky <richard at bronosky.com> wrote:

> I use XKCD passwords http://xkcd.com/936/
>
> I've been pleasantly surprised to find most of the services I care about
> don't complain about my 30+ character passwords. I really wish they would
> be smarter about entropy measurement rather than just insisting on some
> stupid rules be satisfied.
>
>
>
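
Added example, not part of the original message or of the quoted Google+ post: the two tr pipelines from the top of this message wrapped in functions, with the entropy figures (38 and 92 bits) recomputed from the actual size of each character set. The function names charset_size, entropy_bits and genpw are made up for this illustration; it assumes a POSIX shell with awk and /dev/urandom.

```shell
#!/bin/sh
# Added example; charset_size, entropy_bits and genpw are illustrative names.

# Number of distinct characters a tr(1) set matches in the C locale, found by
# filtering every ASCII byte 1..127 through the same `tr -cd` the post uses.
charset_size() {
    LC_ALL=C awk 'BEGIN { for (i = 1; i < 128; i++) printf "%c", i }' |
        LC_ALL=C tr -cd "$1" | wc -c | tr -d ' '
}

# Entropy in bits of a uniformly random password: length * log2(set size).
entropy_bits() {
    LC_ALL=C awk -v n="$(charset_size "$1")" -v len="$2" \
        'BEGIN { printf "%.1f\n", len * log(n) / log(2) }'
}

# genpw SET LENGTH [COUNT]: the post's pipeline. The set is quoted so the
# shell cannot glob-expand '[:print:]' against file names in the current
# directory, and LC_ALL=C makes tr treat /dev/urandom as plain bytes.
genpw() {
    LC_ALL=C tr -cd "$1" < /dev/urandom | fold -b"$2" | head -n "${3:-10}"
}

echo "8 chars from a-z:        $(entropy_bits 'a-z' 8) bits"
genpw 'a-z' 8 3

# Note: [:print:] includes the space character, so a password generated from
# it can begin or end with a space.
echo "14 chars from [:print:]: $(entropy_bits '[:print:]' 14) bits"
genpw '[:print:]' 14 3
```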