On Fri, Mar 12, 2010 at 11:23 AM, Steve Holdoway <st...@greengecko.co.nz> wrote:
> On Fri, 2010-03-12 at 11:17 +1300, Jim Cheetham wrote:
>> and a key is around 700 typeable characters ... set up keys, not
>> passwords!
> ... or passphrases, not passwords?

Well, you probably should be using passphrases instead of passwords in
many places. Passphrases work well for login, for example, and a
passphrase of equivalent entropy to a complex password is generally
much much easier to remember.

As a quick aside, here's a nice method: grab random numbers from
random.org, and look them up on a wordlist using the diceware.com
method ...

#!/bin/sh
# diceware ... generate a passphrase by combining RANDOM.ORG
#  with the diceware method, on the Beale wordlist
# Needs GET (libwww-perl) and a wordlist whose lines look like "55112<TAB>spits".

WORDS=${1:-5}
# Not called RANDOM: that name is reserved in bash/ksh (assigning to it reseeds
# the shell's RNG and reading it gives a number, not the URL).
URL='http://www.random.org/integers/?num=5&min=1&max=6&col=5&base=10&format=plain&rnd=new'

for i in $(seq 1 $WORDS)
do
        # five d6 values on one tab-separated line; drop the tabs to get e.g. 55112
        FIVEd6=$(/usr/bin/GET "$URL" | tr -d '\t')
        # anchor on the key column so the digits cannot match inside a word
        grep "^$FIVEd6" "$HOME/stash/docs/beale.wordlist.asc"
done

$ diceware
55112   spits
61243   toni
14544   boot
56251   tamer
15221   broad

(Beware whenever you see variable names like "FIVEd6" ... you are
dealing with a roleplayer, possibly a D&Der ... lol)

However, joking aside ... while a passphrase may be a few times longer
than a password, it's still nothing compared with a key. Put a decent
passphrase on the private key, sure ... but that's not anything to do
with what the server sees on ssh login. And even that is slightly
undone by Ubuntu's helpful key agent, that autoloads everything in
~/.ssh and offers to remember that long passphrase for you ...

-jim
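As an added example, not code from Jim's post, here is the same diceware procedure done offline: the five d6 rolls come from the local kernel CSPRNG (/dev/urandom) rather than from an HTTP request to random.org, each byte is rejection-sampled so no face is favoured, the lookup is anchored on the key column, and the script reports the entropy of the result. The embedded wordlist is a constructed six-line sample in the Beale layout (a real list has all 7776 keys), and the function names are this example's own.

```sh
#!/bin/sh
# Added example: offline diceware passphrase generation with the local CSPRNG.

# Constructed sample wordlist in the Beale/diceware "<5-digit key> <word>" layout.
# A complete list holds every key from 11111 to 66666; these six rows (the five
# from the post's output plus 11111) are only here so the script runs stand-alone.
WORDLIST_DATA='55112	spits
61243	toni
14544	boot
56251	tamer
15221	broad
11111	a'
WORDLIST_SIZE=7776   # entries in a complete diceware list (6^5)

# byte_to_roll BYTE: map one random byte (0-255) to a d6 face (1-6).
# 256 is not a multiple of 6, so bytes 252-255 would make faces 1-4 slightly
# more likely (modulo bias); those bytes are rejected: prints nothing, returns 1.
byte_to_roll() {
    [ "$1" -lt 252 ] || return 1
    echo $(( $1 % 6 + 1 ))
}

# roll_d6: draw single bytes from /dev/urandom until one is accepted.
roll_d6() {
    while :; do
        b=$(od -An -N1 -tu1 /dev/urandom | tr -d ' ')
        byte_to_roll "$b" && return 0
    done
}

# dice_key: five rolls concatenated into a lookup key such as 55112.
dice_key() {
    k=""
    for r in 1 2 3 4 5; do
        k="$k$(roll_d6)"
    done
    echo "$k"
}

# lookup_word KEY: the word for KEY, matched on the key column only, so the
# digits cannot hit inside another line the way an unanchored grep could.
lookup_word() {
    printf '%s\n' "$WORDLIST_DATA" | awk -v k="$1" '$1 == k { print $2; exit }'
}

# entropy_bits WORDS LISTSIZE: WORDS * log2(LISTSIZE), one decimal place.
entropy_bits() {
    awk -v n="$1" -v s="$2" 'BEGIN { printf "%.1f\n", n * log(s) / log(2) }'
}

# diceware [NWORDS]: print NWORDS keys and words, then the entropy figure.
diceware() {
    n=${1:-5}
    i=0
    while [ "$i" -lt "$n" ]; do
        key=$(dice_key)
        word=$(lookup_word "$key")
        printf '%s\t%s\n' "$key" "${word:-<not in sample list>}"
        i=$((i + 1))
    done
    printf 'entropy: %s bits (%s words from a %s-entry list)\n' \
        "$(entropy_bits "$n" "$WORDLIST_SIZE")" "$n" "$WORDLIST_SIZE"
}

diceware "$@"
```

With the sample list most generated keys print "<not in sample list>"; point WORDLIST_DATA at a full 7776-line list to get real words. The entropy line is the figure that matters when comparing a passphrase with a key: five words from a 7776-entry list give 64.6 bits, and an attacker who knows the list and the word count cannot do better than that, whichever words came out.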
