[Cryptography] "Strong" passwords too clever by half...
Viktor Dukhovni
cryptography at dukhovni.org
Mon Sep 30 19:16:30 EDT 2019
> On Sep 30, 2019, at 5:32 PM, Dave Horsfall <dave at horsfall.org> wrote:
>
> At least one web page I use does not accept "_" as a non-alpha... It wants a mixture of alphas, non-alphas, digits, and at least 8 chars long.

For a 94 bit password, with a guaranteed final punctuation mark:

    $ openssl rand -base64 12 | perl -lpe 's/(.)$/chr(ord($1)&0x0f|0x20)/e; s/ $/~/'

With the possible final punctuation characters:

    20 ~  21 !  22 "  23 #  24 $  25 %  26 &  27 '
    28 (  29 )  2a *  2b +  2c ,  2d -  2e .  2f /

FWIW, my Android keyboard has "^" in two places. Holding down "t"
produces a pop-up list with "^" as one of the options. The other
way is to switch to the non-alphabetic (numeric) set, and then the
secondary non-alphabetic set, where "^" is directly available.
But the above recipe will never generate "^", just alphabet letters,
numbers and the above punctuation. The output is 16 characters which
is not infrequently an upper bound on the allowed password length.
--
Viktor.
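
Added example, not part of the original message: the final-character mapping from the recipe above written out in shell arithmetic, with a check of the composition rule quoted in the thread (alphas, digits, non-alphas, at least 8 characters), which the recipe guarantees only for the punctuation mark. The function names and the /dev/urandom fallback are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.
LC_ALL=C; export LC_ALL

# 12 random bytes encode to exactly 16 base64 characters (no '=' padding).
rand_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -base64 12
    else
        head -c 12 /dev/urandom | base64   # assumed fallback without openssl
    fi
}

# Same mapping as the perl one-liner: keep the low 4 bits of the last
# character, set 0x20, and turn a resulting space (0x20) into '~'.
map_last() {
    head_part=${1%?}
    last=${1#"$head_part"}
    code=$(printf '%d' "'$last")
    code=$(( (code & 0x0f) | 0x20 ))
    if [ "$code" -eq 32 ]; then code=126; fi
    printf '%s' "$head_part"
    printf '%b\n' "\\0$(printf '%03o' "$code")"
}

# Composition rule quoted in the thread.
meets_policy() {
    [ "${#1}" -ge 8 ] || return 1
    case $1 in *[A-Za-z]*) ;; *) return 1 ;; esac
    case $1 in *[0-9]*) ;; *) return 1 ;; esac
    case $1 in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
}

# Redraw the whole string when a class is missing, rather than
# patching a character in at a fixed position.
gen_password() {
    while :; do
        raw=$(rand_b64)
        [ "${#raw}" -eq 16 ] || return 1   # random source failed
        pw=$(map_last "$raw")
        if meets_policy "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

gen_password
```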