On 27/09/14 11:56, John R Pierce wrote:
On 9/26/2014 4:40 PM, John R Pierce wrote:
I'd consider using `mkpasswd -l 15 -s 0` just to avoid any such
problems. 15 random alphanumerics is already plenty complex,
62^15th possible combinations, without needing to mix in special
characters.
$ mkpasswd -l 15 -s 0
eec1kj7ZsthlYmh
btw, thats 768,909,700,000,000,000,000,000,000 possible passwords. 768
septillion, using the aamerican 'short scale' naming convention. if
you could brute force try 10000/second, it would merely take
24,365,800,000,000 centuries (24 trillion).
So do you think a password like *Nxw7TnC2^}%(}tEz* is strong enough? :-)
I developed a Java program that generates 20 passwords (each of 16
characters) at a time, I've attached it for anyone who might be
interested. I have put it under the GPL version 3, but I might consider
releasing under other licences.
Cheers,
Gavin
package gcf.misc;
/**
* Copyright © 2012 Gavin C. Flower
*
* author: gavin.flo...@archidevsys.co.nz
*
* This program is free software: you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation, either version 3 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* For full details of the license see <http://www.gnu.org/licenses/>.
*/
import java.security.SecureRandom;
public class AppPasswordGenerator
{
private final static int PASSWORD_LENGTH = 16;
private final static int MAX_INDEX = PASSWORD_LENGTH - 1;
/*
* We avoid ambiguous characters, so you won't get 'I1|l', 'B8', 'S5', or
* 'O0' being produced
*/
private static String DIGITS = "23456789";
private static String SPECIAL = "!@#$%^&*()_+{}[]<>.:";
private static String UPPER = "ACDEFGHJKLMNPQRTVWXY";
private static String LOWER = "abcdefghijklmnopqrstuvwxyz";
private static String FULL = DIGITS + SPECIAL + UPPER + LOWER;
private final StringBuilder SB = new StringBuilder(PASSWORD_LENGTH);
SecureRandom secureRandom = new SecureRandom();
AppPasswordGenerator()
{
/*
* This is way more complicated than it needs to be for the current
* application, but it was fun coding it!
*
* The use of sin() & exp() introduce a semirandom delay in obtaining
* the current time in nano seconds as well as returning values to act
* as additional randomising factors.
*/
long nanoA = System.nanoTime();
double sinVal = Math.sin(nanoA);
long nanoB = System.nanoTime();
double expVal = Math.exp(sinVal);
long nanoC = System.nanoTime();
int shift = (int) nanoB & 0x3F;
long rotation = Long.rotateRight(nanoC, shift);
long rawBits = Double.doubleToRawLongBits(expVal);
long seed = rotation ^ rawBits;
secureRandom.setSeed(seed);
// System.out.printf(" nanoA: %016X\n", nanoA);
// System.out.printf(" sinVal: %16.13f\n", sinVal);
// System.out.printf(" nanoB: %016X\n", nanoB);
// System.out.printf(" expVal: %16.13f\n", expVal);
// System.out.printf(" nanoC: %016X\n", nanoC);
// System.out.printf(" shift: %16d\n", shift);
// System.out.printf(" rawBits: %016X\n", rawBits);
// System.out.printf(" rotation: %016X\n", rotation);
// System.out.printf(" seed: %016X\n", seed);
// System.out.printf("FULL.length(): %16d\n", FULL.length());
}
public static void main(String[] args)
{
AppPasswordGenerator appPasswordGenerator = new AppPasswordGenerator();
appPasswordGenerator.go();
}
private void go()
{
assert PASSWORD_LENGTH > 5; // Actually, later code assume 16...
for (int i = 0; i < 20; i++)
{
printAPassword();
}
}
private void printAPassword()
{
addChar(DIGITS);
addChar(DIGITS);
addChar(SPECIAL);
addChar(UPPER);
addChar(LOWER);
for (int ii = SB.length(); ii < PASSWORD_LENGTH; ii++)
{
addChar(FULL);
}
// Randomise password characters
for (int index_a = 0; index_a < PASSWORD_LENGTH; index_a++)
{
char ca = SB.charAt(index_a);
int index_b = secureRandom.nextInt(PASSWORD_LENGTH);
char cb = SB.charAt(index_b);
SB.setCharAt(index_b, ca);
SB.setCharAt(index_a, cb);
}
// Ensure the last character is not a digit
while (Character.isDigit(SB.charAt(MAX_INDEX)))
{
int index = secureRandom.nextInt(MAX_INDEX);
char ca = SB.charAt(MAX_INDEX);
char cb = SB.charAt(index);
SB.setCharAt(index, ca);
SB.setCharAt(MAX_INDEX, cb);
}
String pw1 = SB.substring(0, 4);
String pw2 = SB.substring(4, 8);
String pw3 = SB.substring(8, 12);
String pw4 = SB.substring(12, 16);
System.out.printf("%s %s %s %s\n\n", pw1, pw2, pw3, pw4);
SB.setLength(0);
}
private void addChar(String pCharacters)
{
int index = secureRandom.nextInt(pCharacters.length());
char c = pCharacters.charAt(index);
SB.append(c);
}
}
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general