How you can create Strong Passwords

Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
9,381
Reaction score
7,522
Credits
64,190
1723800939037.png


This was published on Reddit

Below....a more up to date image

1723805035588.png
 
Last edited:


Code:
date | sha256sum
Provides a pretty random string of 68 characters (lower case and digits only). Change a few to upper case, add a special character or two, and you should have a good password for the rest of your life.

Too much? Try date | md5sum for only 36 characters.

Not enough? Try date | sha512sum for 132 characters.

The date command may possibly vary its output format among different distros, so the number of characters may vary from what Linux Mint provided above. If you want to count the characters easily, pipe any of the above commands into wc -m, like so:
Code:
date | sha256sum | wc -m
 
I use pwgen. It's included in most distro repos.

pwgen -sy 14 1

That creates a password 14 characters long, upper and lower, with numbers and special character.
These are initially difficult to remember, but after usually after a day or two I start remembering them.

pwgen 60 4

will create four passwords, each 60 characters long.
 
@JasKinasis helped me many years ago to make a bash script that generates passphrases instead of passwords. It attempts to perform like Diceware, but it uses the EFF long word list instead. It works well and asks the user how many words to use. Here it is below, if anyone wants to check it out (4 files, all text). Run with ./dice in the folder where you unzip it.
 

Attachments

  • diceware.zip
    94.9 KB · Views: 38
I usually create a 128 character password although not bullet proof I believe it would take a bit to crack.
Perhaps a little overkill.
Perhaps not nowadays.

 
I usually create a 128 character password although not bullet proof I believe it would take a bit to crack.
Perhaps a little overkill.
Perhaps not nowadays.

Do you type 128 characters every time or you paste it?
 
Exactly! that's why passwords should be generated by password managers, because they do so in their private memory.
Right, but you type the master password... That's the major reason we are here and we don't use Windows, all security measures are stupid in their realm
 
This is how I tell people to make a strong password,
1] select two or three unassociated words you can remember, do not use family or pet names, favourite sports teams or anything else you favour
2] Capitalise two or three of the letters but not the initial letters of each word
3] change some letters for numbers [that you can remember
4] add some wild cards [symbols]

example, I will choose orange and tarmac as my starting words
now capitalise two letters
oraNgetarMac
now change some of the letters to numbers
0r4Nge7arMac now add Wilde cards
0ra-nge7ar_Mac/~

and you have a very strong password




 
Do we have keyloggers in Linux
The answer is yes there are ways of installing a keylogger , but it is extremely rare, as it can only be installed with Su privileges, by whomever is using a given machine
 
That's why password managers have virtual keyboard, it's there for you to use it to type in master password rather than using keyboard ;)
The password manager I use doesn't have virtual keyboard... Which do you use?
(i use bitwarden)
 
Last edited:
That's bad because virtual keyboard is essential.

I use password Safe:

It has it's own virtual keyboard on Windows, but on Linux it will reuse system installed one which on my system is xvkbd
Now that you mentioned it is seems to me essential indeed, but bitwarden doesn't think so
 
Last edited:
Linux key loggers needs to have root access before they can monitor the keyboard. If they don't gain that privilege, they can't run a key logger.
 


Top