If you are serious about security, these should not be accessible via a remote password login.įor SSH, you should already be using authentication keys and set PasswordAuthentication no in your SSHD config file.įor MySQL, you should use skip-networking bind-address = 127.0.0.1 and/or iptables to block port 3306 or restrict access to specific IP(s). Notice that I didn’t include SSH or MySQL root passwords above. If you’re really paranoid you can generate new card when someone sees it, but even then you don’t really have to hurry because it would take a heck of a long time to try all the possible passowords in the card even with really powerfull cluster.Many practices make a server secure, but often neglected is using secure passwords. There are so many ways to read the card that even if someone sees it they will never guess your password. I’ve been using this method for a while now and it has made me use considerably longer passwords and encouraged me to change them more often as it’s pretty much impossible to forget them. In short, he uses pwgen to generate cards like this he reads it in random ways. Jon Kulp’s idea for password managing is pretty neat. It will use more printable characters than what you will get with hashes or base64 encoding. Or you could just use a real password generating program such as pwgen. Or you could use date’s formatting to make it a bit more unique: `date +"%Y-%m-%dyoursalthere" | sha256` You could do `echo "$(date)yoursalthere" | sha256sum` Using date for password generation is a really bad idea, at least without a salt. Use with a bit of salt or just use 16+ chars of it, move chunks around, etc. NOTE: these two methods are insecure on their own. Please enter some random data (only first 16 are significant)Īpg can also be used to generate non web-safe passwords, the kind that no humanĬan readily remember: apg -s -a 1 -m 63 -n 6Īn alternative means of generating similar passwords to *apg’*s default mode, but without the advantage of memory aids, might be: < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c$ echo Ī8969c7fce131787cb4dd7ea773b02422916c739517208a75f42d30de455620a. Hard to remember passwords are often rotated/changed less regularly, because of users are reluctant to go through the challenge of remembering a new one over and over.Ĭreating memorable, strong (for their length) and web-safe alphanumeric passwords is easy with apg. Others tend to use password-managers that (unlike keepass) are often very dubious People tend to write them down on computers and objects They’re readily forgotten and so requested back over the wire Passwords of the same or even longer length are (counter-intuitively) often /more/ vulnerable than shorter, more memorable strong passwords. The point of introducing phonemes (here, the FIPS-181 NIST Implementation) is that less memorable It uses /dev/random as the initial random seed.
#Pwgen command line linux generator#
SKILL LEVEL: FIT Generating passwords in the GNU/Linux CLI apg, the Automatic Password GeneratorĪpg is a respected CLI password generator for UNIX systems, favoured in that it generates provably strong passwords with the advantage of providing the user with phonemes to assist memory.
0 kommentar(er)
