Password Generator (beta.browxy.com)
I recommend not using it.
Using 'tr -dc A-Za-z0-9 < /dev/urandom | head -c $length' is more secure and available on your linux or osx machine even more easily than waiting a second for a server to run some java off in a magic black box.
Yes, it would be better to remember random characters of the same length. But most people don't. I personally have one password I use to sign into 1password and a small other set of critical services, and longer random passwords for everything else. I personally don't worry about nation state adversaries so I can make myself less vulnerable to mass automated attacks and targeted attacks by non-experts. It's important to remember not to let perfect be the enemy of the good, and important not to discount the cost of DOSing yourself. I reduced my security after I lost access to something of value.
sort --random-sort /usr/share/dict/words | head -n 4 | tr -d '\n'
You may wish to omit words that have "'" characters, in which case you may throw in a grep -v "'" after the sort.
perl -MList::Util=shuffle -0ane 'print ((shuffle @F)[0..3],"\n")' < /usr/share/dict/words
Your comment reminds me of the infamous Dropbox comment: https://news.ycombinator.com/item?id=9224
I'm sure there are secure websites to do it too. This isn't it though.
The dropbox comment isn't relevant. It's a bias to say "I remember this thing was criticized in a similar way but succeeded" and map that on to "so other criticisms aren't valid".
It's far more often that things seem unlikely to succeed to critics and then quietly fail than that things seem unlikely to succeed to critics but then succeed. After all, almost everything ever made doesn't see widespread success.
Our brain does remember the latter cases more, and that leads to the bias.
I see it most commonly with the phrase "X started out small too" as a defence for why something small will grow to something big, when in reality that's cherry picking massively.
Today, keepass does the job just fine.
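# "-" sits last in the set: tr reads "+-=" as the range "+" through "=", which also lets in 0, 1 and , . / : ; <
</dev/urandom tr -dc '23456789~*@#$%_+=qwertQWERTasdfgASDFGzxcvbZXCVB-' | head -c13; echo ""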
Such websites have to be audited every single time you use them. Even if I only have a web browser and nothing else I would combine random.org and diceware.com instead of trusting some website.
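The local generators suggested in this thread (the `tr -dc` pipeline and the four-word dictionary pick), written as shell functions with an entropy estimate for each. This is an added example, not part of any comment in the thread; the function names and the sample word list are constructed for illustration, and GNU `shuf` is assumed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, GNU coreutils assumed.

# random_chars LENGTH [SET]: tr drops every byte outside SET (rejection
# sampling), so each kept character is uniform over SET. Put "-" last in
# SET, otherwise tr reads it as a range. LC_ALL=C avoids the BSD/macOS
# "Illegal byte sequence" error on raw random bytes.
random_chars() {
    LC_ALL=C tr -dc "${2:-A-Za-z0-9}" < /dev/urandom | head -c "$1"
    echo
}

# pool WORDLIST: the distinct candidate words, skipping any with an
# apostrophe (the grep -v filter suggested in the thread).
pool() {
    grep -v "'" "$1" | sort -u
}

# pool_size WORDLIST: how many candidates pool() yields.
pool_size() {
    pool "$1" | wc -l | tr -d ' '
}

# passphrase WORDLIST [COUNT]: COUNT words drawn uniformly with
# replacement (-r) using /dev/urandom, joined with "-".
passphrase() {
    pool "$1" | shuf -r -n "${2:-4}" --random-source=/dev/urandom | paste -sd- -
}

# entropy_bits SYMBOLS LENGTH: LENGTH * log2(SYMBOLS); only meaningful when
# each symbol is picked uniformly and independently, as in the functions above.
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN { printf "%.1f\n", k * log(n) / log(2) }'
}

# Constructed sample word list so the example runs offline; pass
# /usr/share/dict/words (the file used in the thread) for real use.
WORDS=$(mktemp)
trap 'rm -f "$WORDS"' EXIT
printf '%s\n' correct horse battery staple "can't" anchor violet pumice orbit > "$WORDS"
n=$(pool_size "$WORDS")
echo "chars: $(random_chars 16) ($(entropy_bits 62 16) bits)"
echo "words: $(passphrase "$WORDS") ($(entropy_bits "$n" 4) bits from $n words)"
```

The eight-word sample pool gives only 12 bits for four words; the estimate grows with the size of the word list passed in, which `pool_size` reports.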
As a side note, I'm guessing grep had -v before it became a standard for verbose? That's one of the hardest parts: it seems open source tools never change UI to help new users at the expense of old ones having to change workflows. A valid way of doing it, and as someone who's never contributed to anything open source I have no place to criticize. Just saying makes it harder. (And I'm realizing I haven't used any closed source software from a comparable time, so I have no idea if this is FOSS-specific)
edit: This stack exchange seems to be relevant https://stackoverflow.com/questions/45326901/lazy-non-buffer...
I don't think grep was originally open source. FWIW, the mnemonic for -v on grep is inVert. I'm so happy that --long_options are a thing nowadays, much more readable.
Forgive me if I don't trust my password generation on the servers of someone who is either sock-puppeting, or having a friend do something that does not look all that different.
Even if I trust the person who runs the browxy website and servers, I don't trust my password generation to a multi-tenant environment. Browxy is running this code in docker containers on a machine with many other docker containers running arbitrary user-submitted code. The Intel vulnerabilities over the past year or so have made it incredibly clear that running sensitive code on the same CPU as totally untrusted and possibly malicious code is a dangerous proposition and there are numerous potential side channels to exfiltrate data.
Trusting password generation to a website that generates passwords on a shared machine is even worse than the usual password generation website which at least uses javascript/securerandom to do it on my CPU.
One small comment: the password I remember is the password I type, or I run into issues. If the sentence has "the" and plurals, so will the password.
(This password I generated was only used as a master and for a handful of key services)
That's the correct position to hold. Note that my readme makes you read through big fat warnings and security considerations before getting to installation and usage instructions.
From the perspective of someone who's just getting started with learning to code, perl seems like a pile of spermaceti: was once very important, could be turned into beautifully smelling products so long as you didn't pay too much attention to the production process, and no longer needed because of modern synthetics :)
But I've only ever read people mocking perl, never built anything with it. It appears immensely powerful, but collapsing arrays by default makes no sense at all.
I think most of the people who were into Perl for the "beauty" ended up going to ruby.
People who were into it for CPAN went to python.
You might find this interesting, as you can see the spirit is alive and well: https://github.com/learnbyexample/Command-line-text-processi...
ruby -0ane 'print $F.shuffle[0..3].join,"\n"' < /usr/share/dict/words
If you're intrigued by the idea of perl one-liners, go explore ruby.
raku -e 'say lines.pick(4).join' < /usr/share/dict/words
Don't worry too much about the meta-narrative about the culture associated with each of the languages. The surveillance state is being built with python, but a lot of hardware hackers prefer python too. Ruby is praised for its flexibility, but its most successful project is literally called "Ruby on Rails" because it tells you exactly how to do everything.
The way people feel about languages goes in cycles, so it's good to be aware of it, but you can mostly ignore it. Use the best tools for the job. If the job is making computers do things, the best tool is unix :)
I bought an rpi, but could never figure out something to do with it. Any suggestions?
My feeling with languages is that they may go in cycles but it'd be useful to learn either something with a completely different conceptual model (Lisp) or requiring me to understand pointers. But I'd been thinking about trying to learn Unix instead lately.
I feel like I'm pointing a flashlight around a cave with Linux systems. Any advice for some systemic learning? My cs curriculum won't cover anything that applied.
If you don't know either of them yet, I'd suggest vim ;)
> I bought an rpi, but could never figure out something to do with it. Any suggestions?
Pi-hole is a super popular project, maybe give that a try.
> or requiring me to understand pointers
Maybe learn to do some old-school stack smashing? https://insecure.org/stf/smashstack.html
There are a bunch of CTFs out there you can play with that help build skills.
> I feel like I'm pointing a flashlight around a cave with Linux systems. Any advice for some systemic learning?
Sounds like you're on the right path :)
Maybe try doing http://www.linuxfromscratch.org/lfs/read.html if you really want a deep understanding of how Linux works.
Also, just browsing the Linux documentation is useful: https://www.kernel.org/doc/html/latest/
I'll take a look at your links, but I don't think RTFMing will be super useful to me right now. I want to learn the kind of questions I should be asking. For example, I recently heard the words "selinux" and "apparmor". Now that I know them I can Google around and eventually figure out how to use apparmor, but I'm more worried about what other gotchas I've never thought of. Any advice for something less comprehensive than the docs, with more of a focus on what works nowadays?
Thank you!
You can see that both AppArmor and SELinux are part of the "Linux Security Module" framework.
If you know what's in the table of contents on the left, particularly "The Linux kernel user’s and administrator’s guide", you'll have a pretty good idea of how Linux hangs together: https://www.kernel.org/doc/html/latest/admin-guide/index.htm...