PWGEN USAGE PASSWORD
It will allow you to compute the same password later, if you remember the file, seed, and pwgen’s options used. H, –sha1=/path/to/file = Will use the sha1′s hash of given file and the optional seed to create password. This is the default if the standard output is a tty device. n, –numerals = Include at least one number in the password. This defaults to a screenful if passwords are printed by columns, and one password. N, –num-passwords=num = Generate num passwords. C = Print the generated passwords in columns. c, –capitalize = Include at least one capital letter in the password. It may be useful for users who have bad vision, but in general use of this option is not recommended. This reduces the number of possible passwords significantly, and as such reduces the quality of the passwords. B, –ambiguous = Don’t use characters that could be confused by the user when printed, such as ‘l’ and ’1′, or ’0′ or ‘O’. a, –alt-phonics = This option doesn’t do anything special it is present only for backwards compatibility. A, –no-capitalize = Don’t bother to include any capital letters in the generated passwords. 1 = Print the generated passwords one per line. 0, –no-numerals = Don’t include numbers in the generated passwords. For example, to get a 12-character password, use pwgen 12, and the utility will spit out a set of 120 possible passwords from which to choose (six columns, 20 rows). The default should be fine for most users. It uses a random pool to gather entropy from user inputs and system parameters as well as text encryption.
PWGEN USAGE GENERATOR
You'd need to go with a 12 characters minimum, adding more characters to satisfy your particular paranoia and future-proofing preferences.Pwgen – PWGen is a password generator capable of creating large amounts of cryptographically secure random passwords or passphrases (from word lists). If this pool of pwgen passwords is 15% of the total lowercase possibilities (I have no idea what it actually is) then 11 characters would probably not be a sufficient minimum length. So theoretically an attacker could identify only the possible passwords generated by pwgen and target those in their password cracking attempts to save time. This probably causes a significant reduction in the number of possible passwords out of the total pool of lowercase random passwords. My understanding of pwgen is that, by default, it doesn't randomly create the passwords and instead attempts to structure them in a more memory friendly arrangement of consonants and vowels. I will caution that these estimates assume attackers must use brute-force attacks (even if against a restricted selection of characters, like lowercase) to guess your password.
You can quickly increase strength by adding more length as your memory (or password policies) allow. With online accounts you often don't know what type of hashing they implemented so the safe bet is to assume fast hashes.īy my estimates, moving to a minimum password length of 11 characters for slow hashes and a minimum of 14 characters for fast hashes should help offset the weakness of using passwords constructed with only lowercase characters. Your password manager and disk encryption should be using these slower hashing algorithms for key derivation.
PWGEN USAGE CRACKED
If this same password is stored using a stronger hashing algorithm (scrypt, bcrypt, argon2, etc.) then it might be cracked using a brute-force against only lowercase letters but probably not by a full brute force against all characters (because it would take too long).
PWGEN USAGE OFFLINE
A password created with pwgen defaults (all lowercase letters, 8 in length) stored using a fast hash (MD5 or SHA1) could be offline brute-force cracked with a single modern GPU in anywhere from a few minutes (just trying lowercase) up to around 9 days against all characters (trying lowercase, uppercase, numbers, symbols). It's somewhat hard to quantify what is a 'real security risk'.
0 kommentar(er)
