
Re: One-line password generator



On Fri 01 Sep 2017 at 09:58:19 -0500, Mario Castelán Castro wrote:

> On 22/08/17 10:04, Mario Castelán Castro wrote:
> > I have the following line in my Bash init file:
> > 
> > “alias gen-password="head -c 16 /dev/urandom | base64 | head -c 22 && echo"”
> > 
> > This generates a password with just above 128 bits of entropy. You may
> > find it useful.
> 
> A slight simplification:
> 
> alias gen-password="head -c 16 /dev/urandom | base64 | cut -c -22"

I too would like to adjust some of my arguments to meet the many good
points which have been raised in this thread. Here is a password

  F!Vz5s19WuXa61PaA"+5

for my bank. Where does the password come from? It doesn't matter. Let
us say I wrote it down as I sat and watched TV. It is not a result of
what is above. Is this going to be guessed in any reasonable time by
being attacked online? I would say not. It actually fulfills all the
conditions that many banking sites advise. Numerals, upper and lower
case letters and symbols and no dictionary words. Plus it has length. A
star example, in other words.

Unbeknownst to me (and totally outside my area of responsibility) the
bank's database is seriously compromised; an attack on its structure (or
a disgruntled employee) leads to the hashed passwords being leaked.

How safe is the password above? Word lists would not seem to dint it.
Patterns? There do not appear to be any. For all intents and purposes,
when it comes to cracking it, it would have to be treated as a randomly
produced password. It looks like brute force is the only way to go.
That is an awfully long time to crack it; just like passwords produced
from those generated by the function above.

Meanwhile, the breach has been discovered and an alert sent to affected
people. I can change my password. It is not all bad news.

--  
Brian.
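An added example, not part of Brian's or Mario's posts: a POSIX shell version of the quoted alias together with two checks the thread's reasoning rests on. gen_password is the same pipeline (16 bytes from /dev/urandom, base64, first 22 characters); check_password confirms the output is 22 characters over the base64 alphabet; entropy_bits computes length times log2(alphabet size) so the hand-written 20-character password can be compared with the generated one. The function names are my own, and the figure of 95 symbols for printable ASCII is an assumption about the character set the hand-written password was drawn from.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: gen_password,
# entropy_bits, check_password.

# Same pipeline as the quoted alias: 16 random bytes -> base64 -> first 22
# characters. base64 of 16 bytes is 24 characters ending in "==", so the
# 22 kept characters carry exactly the 128 bits read from /dev/urandom.
gen_password() {
    head -c 16 /dev/urandom | base64 | cut -c -22
}

# Bits of entropy for a password of length $1 drawn uniformly from $2
# symbols: length * log2(symbols), printed to one decimal. awk is used
# because sh has no floating point. Note this is an upper bound: for the
# generated password it gives 22 * 6 = 132, but only 128 bits were ever
# read, so the true figure is 128.
entropy_bits() {
    awk -v len="$1" -v n="$2" 'BEGIN { printf "%.1f\n", len * log(n) / log(2) }'
}

# Return 0 if $1 is 22 characters drawn only from the base64 alphabet
# (no "=" padding should survive the cut), 1 otherwise.
check_password() {
    pw="$1"
    [ "${#pw}" -eq 22 ] || return 1
    case "$pw" in
        *[!A-Za-z0-9+/]*) return 1 ;;
    esac
    return 0
}

# Usage when run directly: print one password and the two entropy figures.
if [ "${0##*/}" = "gen_password.sh" ]; then
    gen_password
    echo "generated (upper bound):      $(entropy_bits 22 64) bits, actual 128"
    echo "20 chars, 95 printable ASCII: $(entropy_bits 20 95) bits (assumed alphabet)"
fi
```

Both figures land close to 128 bits, which is the point Brian makes: a password with no word-list or pattern handle is, for a cracker, no easier than the generated one.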

