FAQ: How can I generate good strong passwords?

Q: How can I generate good strong passwords?

A:

* Password Safe* <http://passwordsafe.sourceforge.net/>
(NOT <http://www.passwordsafe.com/>)
Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
it's open source and free, and has been subjected to extensive peer review.

* Diceware passphrase <http://world.std.com/~reinhold/diceware.html>
A good way to create a strong, yet easy to remember passphrase.
See also <http://en.wikipedia.org/wiki/Diceware>

See also:
<http://en.wikipedia.org/wiki/Password>
<http://en.wikipedia.org/wiki/Password_strength>
<http://en.wikipedia.org/wiki/Passphrase>

On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:

> Q: How can I generate good strong passwords?
>
> A:
>
> * Password Safe* <http://passwordsafe.sourceforge.net/>
> (NOT <http://www.passwordsafe.com/>)
> Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
> it's open source and free, and has been subjected to extensive peer review.
>
> * Diceware passphrase <http://world.std.com/~reinhold/diceware.html>
> A good way to create a strong, yet easy to remember passphrase.
> See also <http://en.wikipedia.org/wiki/Diceware>
>
> See also:
> <http://en.wikipedia.org/wiki/Password>
> <http://en.wikipedia.org/wiki/Password_strength>
> <http://en.wikipedia.org/wiki/Passphrase>

An easier option is to go here: https://www.grc.com/passwords

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <(E-Mail Removed)> on Wed, 05 Apr 2006 20:53:44
GMT, Doz <(E-Mail Removed)> wrote:

>On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:
>
>> Q: How can I generate good strong passwords?
>>
>> A:
>>
>> * Password Safe* <http://passwordsafe.sourceforge.net/>
>> (NOT <http://www.passwordsafe.com/>)
>> Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
>> it's open source and free, and has been subjected to extensive peer review.
>>
>> * Diceware passphrase <http://world.std.com/~reinhold/diceware.html>
>> A good way to create a strong, yet easy to remember passphrase.
>> See also <http://en.wikipedia.org/wiki/Diceware>
>>
>> See also:
>> <http://en.wikipedia.org/wiki/Password>
>> <http://en.wikipedia.org/wiki/Password_strength>
>> <http://en.wikipedia.org/wiki/Passphrase>
>
>An easier option is to go here: https://www.grc.com/passwords

Really bad idea. For example, see
<http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>

John Navas wrote:

>>An easier option is to go here: https://www.grc.com/passwords
>
>
> Really bad idea. For example, see
> <http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.
>

OK, you seem to like slinging mud at Gibson for some reason but your
link says nothing about the subject which is passwords. Please elaborate
on how GRCs *password* generator is flawed.

[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

In <l7idndvT7tTXo6nZRVn-(E-Mail Removed)> on Wed, 05 Apr 2006 18:01:45 -0400,
George <(E-Mail Removed)> wrote:

>John Navas wrote:
>
>>>An easier option is to go here: https://www.grc.com/passwords
>>
>> Really bad idea. For example, see
>> <http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.
>
>OK, you seem to like slinging mud at Gibson for some reason but your
>link says nothing about the subject which is passwords. Please elaborate
>on how GRCs *password* generator is flawed.

It's sufficient to note that Steve Gibson has been discredited numerous times.
Trusting his password generator is like hiring a repeat crook as a guard.

--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas <http://en.wikibooks.org/wiki/FAQ_for_alt.internet.wireless>

John Navas <(E-Mail Removed)> writes:

>Q: How can I generate good strong passwords?

>A:

>* Password Safe* <http://passwordsafe.sourceforge.net/>
>(NOT <http://www.passwordsafe.com/>)
>Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
>it's open source and free, and has been subjected to extensive peer review.

I would still add a sentence like.
" Although primarily a program for storing passwords safely,
this also contains a password generation utility which makes the strongest
password consistant with the various restriction you place. By placing
inappropriate restrictions you can still make a weak password with this
program."


>* Diceware passphrase <http://world.std.com/~reinhold/diceware.html>
>A good way to create a strong, yet easy to remember passphrase.
>See also <http://en.wikipedia.org/wiki/Diceware>

>See also:
><http://en.wikipedia.org/wiki/Password>
><http://en.wikipedia.org/wiki/Password_strength>
><http://en.wikipedia.org/wiki/Passphrase>

John Navas wrote:

>> An easier option is to go here: https://www.grc.com/passwords
>
> Really bad idea. For example, see
> <http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.
>

or http://www.grcsucks.com for the bigger picture of k00k Gibson

John Navas <(E-Mail Removed)> writes:

>[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

>In <(E-Mail Removed)> on Wed, 05 Apr 2006 20:53:44
>GMT, Doz <(E-Mail Removed)> wrote:

>>On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:
>>An easier option is to go here: https://www.grc.com/passwords

>Really bad idea. For example, see
><http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.

Although I completely agree, that web page says nothing about the password generator.
However using a password generator controlled by someone else is always a
bad idea. and even more so here. HOw do you know he does not keep a list of
the IP address and the "random string" for each caller. How do you know
that the "random string" is not simply the IP address together with an
incremented counter run through a hash? And with the first 6 characters
that number? You do not.

On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
Sebastian Gottschalk <(E-Mail Removed)> wrote:

>John Navas wrote:
>
>>> An easier option is to go here: https://www.grc.com/passwords
>>
>> Really bad idea. For example, see
>> <http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.
>>
>
>or http://www.grcsucks.com for the bigger picture of k00k Gibson

Though its worth bearing in mind that there are different opinions,
and the internet is a great tool for spreading FUD about all sorts of
things.

Whether you like Gibson or not, and whether some of his ideas are
wrong or not, the at least of whats on grc.com is perfectly accurate.
Don't fall for any hype, either way. Make up your own mind.
Mark McIntyre
--

Mark McIntyre wrote:
> On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
> Sebastian Gottschalk <(E-Mail Removed)> wrote:
>
>> John Navas wrote:
>>
>>>> An easier option is to go here: https://www.grc.com/passwords
>>> Really bad idea. For example, see
>>> <http://www.theregister.co.uk/2006/01/21/wmf_fud_from_grc/>.
>>>
>> or http://www.grcsucks.com for the bigger picture of k00k Gibson
>
> Though its worth bearing in mind that there are different opinions,
> and the internet is a great tool for spreading FUD about all sorts of
> things.

Gibson's work is FUD

> Whether you like Gibson or not, and whether some of his ideas are
> wrong or not, the at least of whats on grc.com is perfectly accurate.

Neither is is accurate nor correct nor does Gibson have any clue about it.