13 February, 2011

choosing a password

Many sites want a password. For a lot of middle-to-low security accounts, I keep a(n encrypted) database of passwords on my computer, rather than making them memorable or using the same one on all. So I cut and paste each password and don't care about it being easily typable. To generate the passwords, I use a command-line like this:

$ cat /dev/random | strings -n 16
6B!'X@Q{@QQ LZB?
hZ if=A2u3;-S]v?P


  1. DoE password requirements:
    - at least 8 chars
    - non-number in first and last position
    - at least one number in the remainder

    So I do something similar except I filter it through grep:

    egrep '^[^0-9].*[0-9].*[^0-9]$'

  2. > - non-number in first and last position

    Always good to have entropy-reducing rules in your password policy ;)

  3. Yeah, no kidding. I suspect that rule is there to prevent "password123" or "123password" but come on...
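
The egrep filter from the first comment and the entropy remark from the second, worked through as an added example (not code from the post or its commenters): it generates a policy-compliant password by rejection sampling and counts exactly how many bits the DoE rules cost. The 94-character printable ASCII alphabet and all function names are assumptions made for the illustration.

```python
import math
import re
import secrets
import string

# Assumption: candidates use the 94 printable, non-space ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Same pattern as the egrep filter in the first comment.
POLICY = re.compile(r'^[^0-9].*[0-9].*[^0-9]$')


def satisfies_policy(pw):
    """At least 8 chars, non-digit first and last, a digit in between."""
    return len(pw) >= 8 and POLICY.match(pw) is not None


def generate(length=16):
    """Draw uniformly from ALPHABET and reject candidates that fail the
    policy, so the result is uniform over the allowed passwords."""
    if length < 8:
        raise ValueError("policy requires at least 8 characters")
    while True:
        pw = ''.join(secrets.choice(ALPHABET) for _ in range(length))
        if satisfies_policy(pw):
            return pw


def allowed_count(length, alphabet=ALPHABET):
    """Exact number of policy-compliant passwords of a given length."""
    digits = sum(c.isdigit() for c in alphabet)
    size, nondigits = len(alphabet), len(alphabet) - digits
    middle = length - 2
    # Ends: non-digit. Middle: any string minus those with no digit at all.
    return nondigits ** 2 * (size ** middle - nondigits ** middle)


def entropy_loss_bits(length, alphabet=ALPHABET):
    """Bits lost versus an unrestricted uniform choice of the same length."""
    total = len(alphabet) ** length
    return math.log2(total) - math.log2(allowed_count(length, alphabet))


if __name__ == "__main__":
    print(generate())
    for n in (8, 16):
        print(f"length {n}: policy costs {entropy_loss_bits(n):.2f} bits")
```

Most of the loss comes from requiring a digit in the middle, so the cost shrinks as the password gets longer.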