Q: How can I generate good strong passwords?
A:
* Password Safe*
(NOT
Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
it's open source and free, and has been subjected to extensive peer review.
* Diceware passphrase
A good way to create a strong, yet easy to remember passphrase.
See also
See also:
On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:
> Q: How can I generate good strong passwords?
>
> A:
>
> * Password Safe*
> (NOT
> Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
> it's open source and free, and has been subjected to extensive peer review.
>
> * Diceware passphrase
> A good way to create a strong, yet easy to remember passphrase.
> See also
>
> See also:
>
>
>
An easier option is to go here: https://www.grc.com/passwords
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In <48ok4hib63cn.1lim0arraqti.dlg@40tude.net> on Wed, 05 Apr 2006 20:53:44
GMT, Doz
>On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:
>
>> Q: How can I generate good strong passwords?
>>
>> A:
>>
>> * Password Safe*
>> (NOT
>> Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
>> it's open source and free, and has been subjected to extensive peer review.
>>
>> * Diceware passphrase
>> A good way to create a strong, yet easy to remember passphrase.
>> See also
>>
>> See also:
>>
>>
>>
>
>An easier option is to go here: https://www.grc.com/passwords
Really bad idea. For example, see
--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas
John Navas wrote:
>>An easier option is to go here: https://www.grc.com/passwords
>
>
> Really bad idea. For example, see
>
>
OK, you seem to like slinging mud at Gibson for some reason but your
link says nothing about the subject which is passwords. Please elaborate
on how GRCs *password* generator is flawed.
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In
George
>John Navas wrote:
>
>>>An easier option is to go here: https://www.grc.com/passwords
>>
>> Really bad idea. For example, see
>>
>
>OK, you seem to like slinging mud at Gibson for some reason but your
>link says nothing about the subject which is passwords. Please elaborate
>on how GRCs *password* generator is flawed.
It's sufficient to note that Steve Gibson has been discredited numerous times.
Trusting his password generator is like hiring a repeat crook as a guard.
--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas
John Navas
>Q: How can I generate good strong passwords?
>A:
>* Password Safe*
>(NOT
>Originally created by noted cryptographer Bruce Schneier of Counterpane Labs,
>it's open source and free, and has been subjected to extensive peer review.
I would still add a sentence like.
" Although primarily a program for storing passwords safely,
this also contains a password generation utility which makes the strongest
password consistant with the various restriction you place. By placing
inappropriate restrictions you can still make a weak password with this
program."
>* Diceware passphrase
>A good way to create a strong, yet easy to remember passphrase.
>See also
>See also:
>
>
>
John Navas wrote:
>> An easier option is to go here: https://www.grc.com/passwords
>
> Really bad idea. For example, see
>
>
or http://www.grcsucks.com for the bigger picture of k00k Gibson
John Navas
>[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
>In <48ok4hib63cn.1lim0arraqti.dlg@40tude.net> on Wed, 05 Apr 2006 20:53:44
>GMT, Doz
>>On Wed, 05 Apr 2006 16:40:56 GMT, John Navas wrote:
>>An easier option is to go here: https://www.grc.com/passwords
>Really bad idea. For example, see
>
Although I completely agree, that web page says nothing about the password generator.
However using a password generator controlled by someone else is always a
bad idea. and even more so here. HOw do you know he does not keep a list of
the IP address and the "random string" for each caller. How do you know
that the "random string" is not simply the IP address together with an
incremented counter run through a hash? And with the first 6 characters
that number? You do not.
Doz
> An easier option is to go here: https://www.grc.com/passwords
And you should not. Please read: <43ef38e1@news.uni-ulm.de>
http://grcsucks.com
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
George
> Please elaborate
> on how GRCs *password* generator is flawed.
I did this on <43ef38e1@news.uni-ulm.de>
BTW: a password generator on a web page is a crazy idea anyways.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
Sebastian Gottschalk
>John Navas wrote:
>
>>> An easier option is to go here: https://www.grc.com/passwords
>>
>> Really bad idea. For example, see
>>
>>
>
>or http://www.grcsucks.com for the bigger picture of k00k Gibson
Though its worth bearing in mind that there are different opinions,
and the internet is a great tool for spreading FUD about all sorts of
things.
Whether you like Gibson or not, and whether some of his ideas are
wrong or not, the at least of whats on grc.com is perfectly accurate.
Don't fall for any hype, either way. Make up your own mind.
Mark McIntyre
--
Mark McIntyre wrote:
> On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
> Sebastian Gottschalk
>
>> John Navas wrote:
>>
>>>> An easier option is to go here: https://www.grc.com/passwords
>>> Really bad idea. For example, see
>>>
>>>
>> or http://www.grcsucks.com for the bigger picture of k00k Gibson
>
> Though its worth bearing in mind that there are different opinions,
> and the internet is a great tool for spreading FUD about all sorts of
> things.
Gibson's work is FUD
> Whether you like Gibson or not, and whether some of his ideas are
> wrong or not, the at least of whats on grc.com is perfectly accurate.
Neither is is accurate nor correct nor does Gibson have any clue about it.
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
In
+0100, Mark McIntyre
>On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
>Sebastian Gottschalk
>
>>John Navas wrote:
>>
>>>> An easier option is to go here: https://www.grc.com/passwords
>>>
>>> Really bad idea. For example, see
>>>
>>>
>>
>>or http://www.grcsucks.com for the bigger picture of k00k Gibson
>
>Though its worth bearing in mind that there are different opinions,
>and the internet is a great tool for spreading FUD about all sorts of
>things.
>
>Whether you like Gibson or not, and whether some of his ideas are
>wrong or not, the at least of whats on grc.com is perfectly accurate.
Sorry, but it's not, as the link above makes amply clear.
>Don't fall for any hype, either way. Make up your own mind.
Sure. Just be sure to do your homework, thoroughly, before doing so.
--
Best regards, SEE THE FAQ FOR ALT.INTERNET.WIRELESS AT
John Navas
Mark McIntyre
> Whether you like Gibson or not, and whether some of his ideas are
> wrong or not, the at least of whats on grc.com is perfectly accurate.
I allready critisized his "password generator". He is infamous for the
raw socket nonsense, which lead into the bad situation we have today
with Windows XP. And most of the other things I'm reading of him are at
least questionable. I'm reminding of the unspeakable horseplay of
"stealthing", for example.
Yours,
VB.
--
At first there was the word. And the word was Content-type: text/plain
Sebastian Gottschalk wrote:
> Mark McIntyre wrote:
>
>>On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
>>Sebastian Gottschalk
>>
>>
>>>John Navas wrote:
>>>
>>>
>>>>>An easier option is to go here: https://www.grc.com/passwords
>>>>
>>>>Really bad idea. For example, see
>>>>
>>>>
>>>
>>>or http://www.grcsucks.com for the bigger picture of k00k Gibson
>>
>>Though its worth bearing in mind that there are different opinions,
>>and the internet is a great tool for spreading FUD about all sorts of
>>things.
>
>
> Gibson's work is FUD
>
>
>>Whether you like Gibson or not, and whether some of his ideas are
>>wrong or not, the at least of whats on grc.com is perfectly accurate.
>
>
> Neither is is accurate nor correct nor does Gibson have any clue about it.
And you are the one who winds up in the kill file!
Mark McIntyre
>On Thu, 06 Apr 2006 01:01:09 +0200, in alt.internet.wireless ,
>Sebastian Gottschalk
>>John Navas wrote:
>>
>>>> An easier option is to go here: https://www.grc.com/passwords
>>>
>>> Really bad idea. For example, see
>>>
>>>
>>
>>or http://www.grcsucks.com for the bigger picture of k00k Gibson
>Though its worth bearing in mind that there are different opinions,
>and the internet is a great tool for spreading FUD about all sorts of
>things.
>Whether you like Gibson or not, and whether some of his ideas are
>wrong or not, the at least of whats on grc.com is perfectly accurate.
I have no idea what this sentence means. What is an "at least of whats"?
However if you are implying that
using his system to generate a password for you is safe and secure, then
what is on his page is far from accurate. It is highly insecure, and is
close to the dumbest thing you can do. (Maybe posting your password on your
blog is worse, but I am not sure).
>Don't fall for any hype, either way. Make up your own mind.
>Mark McIntyre
>--