On Thursday 12 August 2010 15:01:12 Stroller wrote: > On 11 Aug 2010, at 21:30, Alan McKinnon wrote: > > ... > > My users pick their own passwords - I present a list of 5 from apg > > and let > > them pick one > > apg's results seem awfully unmemorable by default. > > I tend to prefer random password generators that create pronounceable > nonsense words, by stringing together random syllables, rather that > just letters. > > Do you know if apg can do that? I'm sure it's in the manpage, so > forgive me for not parsing it at this time of the morning.
Yes, it can do that. It's for that reason I use it. The command I use is: $ apg -m8 -x8 -MCNL Badnack9 VeOsFid5 JucWeac9 EowtUzt1 SceybEf8 ByejCys1 passwords are 8 chars simply because some elements of the environment have that limitation. As you can see, the passwords tend to be pronounceable. And many, many tests run have convinced me that the passwords have sufficient entropy to be good enough - good enough being defined as "john the ripper didn't brute force it in 48 hours" -- alan dot mckinnon at gmail dot com