Excerpts from Simon McVittie's message of 2014-11-09 05:25:46 -0800:
> On 09/11/14 08:21, Ben Finney wrote:
> > * Package name : xkcdpass
> ...
> > A flexible and scriptable password generator which generates strong
> > passphrases, inspired by XKCD 936:
>
> Does this have significant advantages over pwqgen, in the passwdqc package?
>
> How many bits of entropy does it typically produce?
>
> Example pwqgen output with default settings:
>
> % pwqgen
> wary$Nobody5leafy

With that, I have to remember that Nobody is capitalized, and that the spaces are replaced by $ and 5. The other approach accepts that we are forgetful and so uses spaces. But it also has the weakness that if the approach and the separators are suspected, one can very cheaply run a dictionary attack before brute forcing random characters (and in fact this is what many password cracking tools do). If you add in random separators and capitalization that does nearly achieve the proclaimed complexity that the xkcd article was suggesting. So it seems to this lay-person that pwqgen is a better choice.
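
The entropy question raised in this thread can be worked through with a short script. This is an added example, not code from the thread, xkcdpass or passwdqc: it counts bits under the assumption that the scheme and wordlist are known, and the wordlist sizes (2048 and 4096), the 16-symbol separator set and the 16-word demo list are all assumptions chosen for illustration.

```python
import math
import secrets

# Constructed demo wordlist (assumption): only 16 words, i.e. 4 bits per word.
# A real generator draws from a list of thousands of words.
WORDS = ["wary", "nobody", "leafy", "correct", "horse", "battery", "staple", "amber",
         "cobalt", "drift", "ember", "fjord", "gravel", "harbor", "island", "jungle"]
SEPARATORS = "-_!$&*+=23456789"  # assumed 16-symbol separator set (4 bits each)


def entropy_bits(n_words, wordlist_size, sep_choices=1, random_caps=False):
    """Bits of entropy when the scheme and the wordlist are known.

    Each word contributes log2(wordlist_size), plus 1 bit if it is capitalized
    at random; each of the n_words - 1 separators contributes log2(sep_choices),
    which is 0 bits for a fixed separator such as a space.
    """
    per_word = math.log2(wordlist_size) + (1 if random_caps else 0)
    return n_words * per_word + (n_words - 1) * math.log2(sep_choices)


def words_needed(target_bits, wordlist_size, sep_choices=1, random_caps=False):
    """Smallest word count whose scheme entropy reaches target_bits."""
    n = 1
    while entropy_bits(n, wordlist_size, sep_choices, random_caps) < target_bits:
        n += 1
    return n


def generate(n_words, words=WORDS, separators=" ", random_caps=False):
    """Draw a passphrase using the OS CSPRNG via the secrets module."""
    parts = []
    for i in range(n_words):
        word = secrets.choice(words)
        if random_caps and secrets.randbits(1):
            word = word.capitalize()
        parts.append(word)
        if i < n_words - 1:
            parts.append(secrets.choice(separators))
    return "".join(parts)


if __name__ == "__main__":
    # Hypothetical list sizes (assumptions), not measured from either package.
    print("4 plain words, 2048-word list:", entropy_bits(4, 2048), "bits")
    print("3 decorated words, 4096-word list:",
          entropy_bits(3, 4096, len(SEPARATORS), True), "bits")
    print("sample from the 16-word demo list (far weaker):",
          generate(3, separators=SEPARATORS, random_caps=True))
```

Under these assumed parameters, three decorated words slightly exceed four plain space-separated words, and matching them with plain words from the smaller list takes a fifth word.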