Re: inetd questions
On 11/12/2000 at 10:28 -0700, Myles Green wrote:
> Huh? WTF are you smoking? There's no binary stuff there, just a _good_
> mix of upper and lower case plus numbers and other keyboard symbols.
>
> $ cat /dev/urandom | od -s8 -An
> $3,y3?es
> w3[Am'4j.
> )w{'375u
> l]TqFCG3
> V}gJR'CKQ
> NLUy1~,C:
> hw`wur0Apht
> P75<D@l8a
> P=>*iJc4A
>
> By any standards, those will be tough passwords to crack. Of course
> it's your box and you can use your birth date if you want, just don't
> expect it to reamain a secret for very long.
>
Huh? At least on my box (Linux decoy 2.2.18 #10 Mon Dec 11 15:05:03 WET 2000
i586 unknown) it _does_ dump lots of binary garbish.
sena@decoy:~$ cat /dev/urandom | od -s8 -An
2+Uêuæ¤'"@hé÷ª
D¨'Ó¤¶ÕÄÄ
éç»íÅÞ(Þ£
_Þr& É«ph
!òãQ¯+~ÇJ
h¼¢*ño(¡°ÊfeOõ
t¯àïÊ·tä~¹êÓè
Ø#lí´,Ö:óõä
Mr y·®|ÿ¯R
ÎñLÒðz²O©
6CDq<Üî*dÒëi
ÙØpkº\'&
]¤?Or:«9&I
ÞÍ®,@ûí!QÐ
Look at the last line. How the hell are you going to write the first, third
and last characters at a password prompt?
Why not try to make a perfectly random password with your fingers? Just
pound on a few (random) keys and throw some symbols on the middle:
"joid#$e)kkxjl"
Huh? More that 8 characters, you say? Yay. Don't use crypt for your password
encryption. Using md5 is pretty good, as it gives you the ability to use
passwords longer than 8 chars.
Regards, sena...
--
sena@decoy.ath.cx, http://decoy.ath.cx/~sena/
gpg fingerprint: F20B 12A8 A8F6 FD1F 9B1D BA62 C424 8E73 DD2E 47C8
Reply to: