[opensuse] Need random password generator for KDE/5
Back in the days of KDE4 on 13.2 I had this: https://store.kde.org/p/1001951/ and found it useful. I'm now on leap 42.2 and KDE5 (etc yamma yamma etc, you know the rest) and it doesn't seem to upgraded/available. I realise there are a number of on-line random password generators, and I do have one on my cell phone, but I'd really like that widget or an equivalent. Other than bugging the author of the above 9and he's been inactive a VERY long time so I wouldn't expect a response), are there any suggestions/alternatives OTS? -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/08/17 11:54, Anton Aylward wrote:
Back in the days of KDE4 on 13.2 I had this:
https://store.kde.org/p/1001951/
and found it useful.
I'm now on leap 42.2 and KDE5 (etc yamma yamma etc, you know the rest) and it doesn't seem to upgraded/available.
I realise there are a number of on-line random password generators, and I do have one on my cell phone, but I'd really like that widget or an equivalent.
Other than bugging the author of the above 9and he's been inactive a VERY long time so I wouldn't expect a response), are there any suggestions/alternatives OTS?
I use pwgen from the command line. It's not a plasma widget, but check it out, it may serve your needs! Best regards, -- Pablo Dotro Laboratorios de Enseñanza Departamento de Física - FCEyN - UBA -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Em Sáb, 2017-08-12 às 12:50 -0300, Pablo Dotro escreveu:
On 12/08/17 11:54, Anton Aylward wrote:
Back in the days of KDE4 on 13.2 I had this:
https://store.kde.org/p/1001951/
and found it useful.
I'm now on leap 42.2 and KDE5 (etc yamma yamma etc, you know the rest) and it doesn't seem to upgraded/available.
I realise there are a number of on-line random password generators, and I do have one on my cell phone, but I'd really like that widget or an equivalent.
Other than bugging the author of the above 9and he's been inactive a VERY long time so I wouldn't expect a response), are there any suggestions/alternatives OTS?
I use pwgen from the command line. It's not a plasma widget, but check it out, it may serve your needs! Best regards,
-- Pablo Dotro Laboratorios de Enseñanza Departamento de Física - FCEyN - UBA
I've never used a GUI/CLI password generator, always when I need, I use online ones. What I can suggest: 1) RANDOM.ORG - Password Generator https://www.random.org/passwords/ If you need passwords with just letters and numbers 2) Strong Random Password Generator http://passwordsgenerator.net/ If you also need symbols (e.g. @#$%) 3) How Secure Is My Password? https://howsecureismypassword.net To check your password's strength Antonio The Linux Kamarada Project https://kamarada.github.io/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/08/17 17:58, Linux Kamarada wrote:
I've never used a GUI/CLI password generator, always when I need, I use online ones.
I heavily recommend against this. You cannot really trust that the password you are given on that web page is not also stored by the provider of that web page. You could be semi-sure by turning off internet access during password generation (and thus relying solely on local JavaScript), but it's honestly a needless risk to take. pwgen is a perfectly good tool for this purpose. -- Carmen Bianca Bakker <carmen@carmenbianca.eu> PGP: 2A09 F627 39F6 DEC8 CFFC A216 CD0A 90F1 C5CA 0C92
On 12/08/17 12:24 PM, Carmen Bianca Bakker wrote:
On 12/08/17 17:58, Linux Kamarada wrote:
I've never used a GUI/CLI password generator, always when I need, I use online ones.
I heavily recommend against this.
I agree! It was why I asked.
You cannot really trust that the password you are given on that web page is not also stored by the provider of that web page. You could be semi-sure by turning off internet access during password generation (and thus relying solely on local JavaScript), but it's honestly a needless risk to take.
They might call us 'paranoid' but I think that is quite valid.
pwgen is a perfectly good tool for this purpose.
On thank you. I wasn't aware of that $ pwgen -c -n -y -s -B 18 1 noXPrJy7rNiVcVTf3t Ah, good! Well, that's one I won't use :-) -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/12/2017 11:24 AM, Carmen Bianca Bakker wrote:
On 12/08/17 17:58, Linux Kamarada wrote:
I've never used a GUI/CLI password generator, always when I need, I use online ones. I heavily recommend against this. You cannot really trust that the password you are given on that web page is not also stored by the provider of that web page. You could be semi-sure by turning off internet access during password generation (and thus relying solely on local JavaScript), but it's honestly a needless risk to take.
pwgen is a perfectly good tool for this purpose.
Amen! In the days of (it's all cracked or hacked), why on earth would you ever use an online password generator that may just be a front-end to cracklib, hashcat, John the ripper, etc... I can't think of a more troubling thing to do from a security standpoint than tell the internet-world "Hey, look here! I genning a new password!" pwgen is a good tool, but if you wanted to just use bash, you could do something hackish like: #!/bin/bash pwq() { local len=${1:-8} test "$len" -eq "$len" &>/dev/null || { printf "pwq() error: integer value required.\n" return } local a=( {a..z} ) a+=( {A..Z} ) a+=( {0..9} ) test "$2" = '-s' -o "$2" = '--symbol' && a+=( ! @ \# $ % ^ \& \* - _ = + ) local b=( $(printf "%s\n" ${a[@]} | shuf) ) local start=$(( $RANDOM % $(( ${#b[@]} - len)) )) for ((i = $start; i < $((start + len)); i++)); do printf "%c" ${b[i]} done echo "" } pwq "$@" That isn't the most random generator, but it isn't bad either (and optionally include symbols '!@#$%^&*-_=+' if the second argument passed is '-s' or '--symbol'.) e.g. $ bash pwquick.sh 2nYNDvjy $ bash pwquick.sh 12 tfrD0IxJ8mgp $ bash pwquick.sh 8 -s AYMWwb1^ $ bash pwquick.sh 12 -s +mGpEb@j7RVD -- David C. Rankin, J.D.,P.E.
I use apg. It generates semi "pronounceable" passwords. For my use case (manual backup for emergency use) I value the ability to make a good stab at typing in the password from reading it. -- __________________________________________________________________________ Josef Fortier Systems Administrator fortier@augsburg.edu Phone: 612-330-1479 __________________________________________________________________________ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-08-13 00:29, David C. Rankin wrote:
On 08/12/2017 11:24 AM, Carmen Bianca Bakker wrote:
On 12/08/17 17:58, Linux Kamarada wrote:
I've never used a GUI/CLI password generator, always when I need, I use online ones. I heavily recommend against this. You cannot really trust that the password you are given on that web page is not also stored by the provider of that web page. You could be semi-sure by turning off internet access during password generation (and thus relying solely on local JavaScript), but it's honestly a needless risk to take.
pwgen is a perfectly good tool for this purpose.
Amen!
In the days of (it's all cracked or hacked), why on earth would you ever use an online password generator that may just be a front-end to cracklib, hashcat, John the ripper, etc...
I can't think of a more troubling thing to do from a security standpoint than tell the internet-world "Hey, look here! I genning a new password!"
pwgen might send the password to somewhere, too ;-P A GUI is nicer, easier to chose the options without reading the manual. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 08/15/2017 01:59 PM, Carlos E. R. wrote:
pwgen might send the password to somewhere, too ;-P
A GUI is nicer, easier to chose the options without reading the manual.
Yep, granted, but at least with pwgen, you have the source, so you can spend a good 5 minutes to look through 6 very short c-sources to verify that "ET doesn't phone home" :) -- David C. Rankin, J.D.,P.E.
On 2017-08-15 23:15, David C. Rankin wrote:
On 08/15/2017 01:59 PM, Carlos E. R. wrote:
pwgen might send the password to somewhere, too ;-P
A GUI is nicer, easier to chose the options without reading the manual.
Yep, granted, but at least with pwgen, you have the source, so you can spend a good 5 minutes to look through 6 very short c-sources to verify that "ET doesn't phone home" :)
So I can use a web generator via Tor. Good luck them finding me :-p -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 08/15/2017 04:32 PM, Carlos E. R. wrote:
So I can use a web generator via Tor. Good luck them finding me :-p
After the latest election fiasco, I'm not sure tor is as anonymous as it was a year ago :) You even have ads running about "monitoring the dark web..." (which, for what it's worth, means they now at least can identify that there is more than one web...) -- David C. Rankin, J.D.,P.E.
On 15.08.2017 23:32, Carlos E. R. wrote:
On 2017-08-15 23:15, David C. Rankin wrote:
On 08/15/2017 01:59 PM, Carlos E. R. wrote:
pwgen might send the password to somewhere, too ;-P
A GUI is nicer, easier to chose the options without reading the manual.
Yep, granted, but at least with pwgen, you have the source, so you can spend a good 5 minutes to look through 6 very short c-sources to verify that "ET doesn't phone home" :)
So I can use a web generator via Tor. Good luck them finding me :-p
I don't think the problem lies in the password being traceable back to you. It's more the possibility that the password could end up in a dictionary, or hashes of the pw could be entered in some rainbow tables, thus providing an easy way to crack it. That would make a complex and hard to remember password just a bit too insecure... Similar concerns about online password strength checkers, of course... /Andreas -- Cahn's Axiom: When all else fails, read the instructions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2017-08-16 11:45, Andreas Mahel wrote:
On 15.08.2017 23:32, Carlos E. R. wrote:
On 2017-08-15 23:15, David C. Rankin wrote:
On 08/15/2017 01:59 PM, Carlos E. R. wrote:
pwgen might send the password to somewhere, too ;-P
A GUI is nicer, easier to chose the options without reading the manual.
Yep, granted, but at least with pwgen, you have the source, so you can spend a good 5 minutes to look through 6 very short c-sources to verify that "ET doesn't phone home" :)
So I can use a web generator via Tor. Good luck them finding me :-p
I don't think the problem lies in the password being traceable back to you. It's more the possibility that the password could end up in a dictionary, or hashes of the pw could be entered in some rainbow tables, thus providing an easy way to crack it. That would make a complex and hard to remember password just a bit too insecure...
I seriously doubt it. The people creating the dictionary could as well just run the generator and feed it directly into the dictionary database, hundreds of entries per minute. They would gain nothing from this. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)
On 16/08/17 05:45 AM, Andreas Mahel wrote:
So I can use a web generator via Tor. Good luck them finding me :-P
I don't think the problem lies in the password being traceable back to you. It's more the possibility that the password could end up in a dictionary, or hashes of the pw could be entered in some rainbow tables, thus providing an easy way to crack it. That would make a complex and hard to remember password just a bit too insecure...
If we are going to be that paranoid.... We are all aware of the hacks that are based on HTML email that prompts you to check your bank account but actually is a link to a rouge site. The rogue site presents you with a login page that looks exactly the same as the banks. You enter your ID and password and it says '!FAIL!" and redirects you to the real one, where you try again succeed and everything looks copacetic, so you have no suspicions. But along the way they have a record of your login id and password. Variations on this involving the password generator, password strength or some kind of front-end shim might be of varying difficulty to implement, but hackers have shown a great deal of creativity and ingenuity, and corporations have shown a great deal of stupidity and intransigence. I'm seeing front page articles in IT news reporting that major corporations are still not fixing defences against WannCry or even much older malware. One might say "a pox on them" if one were of a Shakespearian ilk, but if I were to use a 2oth or 21st century idiom this mail would probably get filtered out and I might get banned. But you now what I mean. The problem is that their customers are the one that would suffer for this shortcoming. Their customers are the ones whose accounts get ravaged, suffer actual loss, get identities stolen and all that means. The corporations, even if they are serious financial concerns, get a slap on the proverbial wrist, a fine, the cost of which they pass along to their customers, and if the stock price is affected it it a passing glitch. Demonstrating on the streets, even at the multi-million turn-out level, isn't going to affect this sort of thing. https://www.newyorker.com/magazine/2017/08/21/is-there-any-point-to-protesti... What? Off-topic? OK. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Andreas Mahel -
Anton Aylward -
Carlos E. R. -
Carmen Bianca Bakker -
David C. Rankin -
Josef Fortier -
Linux Kamarada -
Pablo Dotro