Bitcoin Forum
Author Topic: A trick for long passwords in Linux  (Read 1845 times)
leeloulee
August 19, 2011, 05:14:10 AM
 #21

yeh

SGT longdong
lazycodre
September 04, 2011, 07:47:33 PM
 #22

yeh

I'll quote that just for fun!
TeaL
September 04, 2011, 08:14:53 PM
 #23

Using a hash of a password as a password is great if someone is trying generic brute-forcing tactics. Where it fails (as mentioned) is against a dictionary specifically built to use the hashed values of common words etc. If you want to use a hash as a password (which you shouldn't as you limit yourself to Hex characters), you'd be better off using the hash of a file.

For example, let's say I have a file I keep just for this purpose (keep a backup obviously), I can take a hash of this file and use it as a password without fear of someone compiling a dictionary with that in it.

Try the following using the openssl library (works on Mac OS X).

Code:
openssl md5 PATH_TO_FILE

This should return the md5 hash of the file you selected.

Additionally, md5 password hashes can be broken fairly easily. With my 2 6990s I can pull 18Ghash/s in Whitepixel (that's 18 Billion password attempts per second).

To live is the rarest thing in the world, most people simply exist.
Free as in Freedom.
ffuentes
September 05, 2011, 09:32:35 PM
 #24

Using a hash of a password as a password is great if someone is trying generic brute-forcing tactics. Where it fails (as mentioned) is against a dictionary specifically built to use the hashed values of common words etc. If you want to use a hash as a password (which you shouldn't as you limit yourself to Hex characters), you'd be better off using the hash of a file.

For example, let's say I have a file I keep just for this purpose (keep a backup obviously), I can take a hash of this file and use it as a password without fear of someone compiling a dictionary with that in it.

Try the following using the openssl library (works on Mac OS X).

Code:
openssl md5 PATH_TO_FILE

This should return the md5 hash of the file you selected.

Additionally, md5 password hashes can be broken fairly easily. With my 2 6990s I can pull 18Ghash/s in Whitepixel (that's 18 Billion password attempts per second).

What do you recommend? Another kind of hash?

Bebop
September 05, 2011, 09:55:42 PM
 #25

If people used your MD5 technique without *advertising* it on forums, it might be safe. If you spread the word and advertise this technique to the point that it becomes popular (is this not the idea of the thread?) then it's a weak implementation of security -- and for all the effort you invested in stuffing around with the command console, you would have been better off selecting a password in the AAAAbbbb#1111 format and *not* worrying about MD5.

★ The cure for boredom is curiosity
runeks
September 05, 2011, 11:26:29 PM
 #26

Another way to create good-security and fairly easily remembered passwords in linux is using this command:

Code:
shuf -n <num-words> --random-source=/dev/urandom /usr/share/dict/words

where <num-words> is the number of dictionary words you want your password to consist of. My /usr/share/dict/words has about 98,000 words, which gives 16 bits of entropy per word. So let's say I create a password with 5 random words from this dictionary:

Code:
rune@runescomp:~$ shuf -n 5 --random-source=/dev/urandom /usr/share/dict/words
unwound
marrowing
jockey
illusion's
sacrament

I now have the password unwoundmarrowingjockeyillusion'ssacrament which has 80 bits of entropy, and isn't impossible to remember.
80 bits of entropy gives us about 10²⁴ possible combinations. Provided that passwords are stored as their MD5 hash and an attacker got hold of the MD5 hash (and he knew that he had to find five words from this particular dictionary), it'd take him about one million years to finish, using 4 x HD 5970 graphics cards.

Of course, you can always choose fewer words, or use a dictionary that doesn't have words like "Ångström" and "prophylaxis". This could lower the entropy but make the passwords more easily rememberable. For example using six words from the Diceware wordlist, which would give you 78 bits of entropy but an easier to remember password.
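
The generation step from the post above, as an added shell example that is not part of the original thread: it filters the word list, draws words with replacement, and computes the resulting entropy and the time to exhaust the search space. It assumes GNU coreutils `shuf` (for `-r`); the function names and the demo word list are constructed for illustration, and the 18e9 guesses/s rate is the MD5 figure quoted earlier in the thread.

```shell
#!/bin/sh
# Added example: wordlist passphrases with a measurable amount of entropy.

# clean_words FILE: keep unique lowercase ASCII words of 3-9 letters,
# dropping entries such as "illusion's" and "Ångström".
clean_words() {
    LC_ALL=C grep -E '^[a-z]{3,9}$' "$1" | LC_ALL=C sort -u
}

# entropy_bits N K: bits of entropy for K words, each drawn independently
# and uniformly from N words, i.e. K * log2(N).
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", k * log(n) / log(2) }'
}

# years_to_exhaust BITS RATE: years needed to try all 2^BITS candidates
# at RATE guesses per second (on average a hit comes after half of that).
years_to_exhaust() {
    awk -v b="$1" -v r="$2" 'BEGIN { printf "%.3g\n", 2^b / r / 31557600 }'
}

# make_passphrase FILE K: K words from the cleaned list. -r draws with
# replacement so the K * log2(N) estimate is exact; the randomness comes
# from /dev/urandom.
make_passphrase() {
    clean_words "$1" | shuf -r -n "$2" --random-source=/dev/urandom |
        paste -sd ' ' -
}

# Demo on a constructed nine-line list; real use needs thousands of words,
# e.g. /usr/share/dict/words as in the post.
demo_list=$(mktemp)
printf '%s\n' anchor "illusion's" Ångström marble jockey sacrament \
    unwound ox marble > "$demo_list"
n=$(clean_words "$demo_list" | wc -l | tr -d ' ')
echo "usable words: $n"
echo "bits for 5 words from 98000: $(entropy_bits 98000 5)"
echo "years to exhaust 80 bits at 18e9 guesses/s: $(years_to_exhaust 80 18000000000)"
echo "sample: $(make_passphrase "$demo_list" 5)"
```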
RodeoX
September 06, 2011, 02:16:08 PM
 #27

Great thoughts here guys! I especially like the idea of using the Md5 of a file only you know. Kinda like the car CD players that only unlock when you put in the correct music CD. 

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Tarlusk
September 07, 2011, 08:16:27 PM
 #28

This is my favorite way of doing passwords now.

http://passphra.se/

It was inspired by an xkcd comic (which was inspired by another article, I think). http://xkcd.com/936/

I would suggest using this website instead.

http://world.std.com/~reinhold/diceware.html
http://world.std.com/~reinhold/diceware.wordlist.asc

It does essentially the same thing, except that you do it yourself with a six-sided die.
That way your new password doesn't get sent over the internet in plaintext, and you don't have to trust the website that generated it.
Red Emerald
September 30, 2011, 06:11:39 AM
 #29

This is my favorite way of doing passwords now.

http://passphra.se/

It was inspired by an xkcd comic (which was inspired by another article, I think). http://xkcd.com/936/

I would suggest using this website instead.

http://world.std.com/~reinhold/diceware.html
http://world.std.com/~reinhold/diceware.wordlist.asc

It does essentially the same thing, except that you do it yourself with a six-sided die.
That way your new password doesn't get sent over the internet in plaintext, and you don't have to trust the website that generated it.

It's javascript. The only thing sent over the internet is the giant word list. The passwords are generated client side.
