LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 10-30-2013, 10:42 PM   #1
danimalz
Member
 
Registered: Jul 2005
Location: West Coast South, USA
Distribution: debian 3.1
Posts: 267

Rep: Reputation: 36
creating passwords


I am trying to come up with a way to create secure passwords thru a process.

Heres the idea, what do you think?

it is easy to associate an image file with a service. For example you could do a screenshot of a particular website. The resulting png file would be the reminder image. You'd do this for each different site you authenticate to.

Then, for added security, you'd have a single 'seed' file, this could also be an image (image of a seed, for ex.)

to generate a password, you could do:

cat file.png seed.jpg | md5sum

the result would be your password.

if you ever needed to change your passwords, you'd only need to regenerate them by using a different seed.jpg

The files themselves could be stored obscurely in whichever place you want or on a usb stick, etc.

what do you think?
 
Old 10-31-2013, 02:40 AM   #2
pan64
LQ Addict
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 21,687

Rep: Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274Reputation: 7274
the problem is that you need to have exactly the image anywhere, anytime (removing-modifying one single pixel will cause different checksum)
 
Old 10-31-2013, 04:47 AM   #3
nickmh
Member
 
Registered: Apr 2012
Distribution: xUbuntu
Posts: 42

Rep: Reputation: Disabled
Passwords?

Password Card any good to you?...

passwordcard.com
 
Old 10-31-2013, 07:10 AM   #4
saavik
Member
 
Registered: Nov 2001
Location: NRW, Germany
Distribution: SLES / FC/ OES / CentOS
Posts: 614

Rep: Reputation: 32
Quote:
Originally Posted by nickmh View Post
password card any good to you?...

Passwordcard.com
cool! Thx!
 
Old 10-31-2013, 06:19 PM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,610
Blog Entries: 4

Rep: Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905Reputation: 3905
There are also a variety of software "digital certificate" technologies ... such as OpenSSL ... which in fact can be used (and are used) for digital authentication as well as for encryption. There are many ways to issue unique, non-forgeable credentials ... "passwords" are passé ... and to use them in applications and so-forth.
 
Old 10-31-2013, 08:27 PM   #6
John VV
LQ Muse
 
Registered: Aug 2005
Location: A2 area Mi.
Posts: 17,622

Rep: Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651Reputation: 2651
pick a book you like
go to chapter ?
read the first line
-- remove blank spaces and capitalize the first letter of each word

that is the pass phrase


-- simple
 
Old 11-06-2013, 08:19 PM   #7
taylorkh
Senior Member
 
Registered: Jul 2006
Location: North Carolina
Distribution: CentOS 6, CentOS 7 (with Mate), Ubuntu 16.04 Mate
Posts: 2,127

Rep: Reputation: 174Reputation: 174
How about this...

Take some random binary file - a picture, mp3, executable, etc. uuencode the binary file to produce a file of printable characters. Parse out the desired number of columns. Change or two of the alphabetic characters to lower case (uuencode produces all caps) and this is your password list. I did this a while back to generate passwords for various on-line uses such as this forum. They look like decent passwords to me. Letters, numbers, special characters just like we are supposed to use.

Ken
 
Old 11-07-2013, 05:41 AM   #8
adampski
Member
 
Registered: Dec 2012
Posts: 37

Rep: Reputation: Disabled
Good idea, but...

Quote:
Originally Posted by John VV View Post
pick a book you like
go to chapter ?
read the first line
-- remove blank spaces and capitalize the first letter of each word

that is the pass phrase


-- simple
I think this idea is the best solution.

Other ideas put forward have heavy dependencies and assumptions that the contents of particular files (that are the composition of the password) do not change; where this can happen more often than you may think, due to corruption, accidental modification (not just by you but the OS and other users too) and simple carelessness.

I suggest simple carelessness because the OP suggested to combine two files and generate a checksum of the resulting value, in the CLI. Where your history and results are recorded and printed to your hard disk/display.

It's a good idea, but the risks out weigh the benefits and also has no difference to just having an encrypted password file.

Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. - Albert Einstein
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Creating groups, users, setting passwords gtrrockz84 Linux - Networking 1 01-06-2012 06:39 AM
LXer: Creating User Passwords LXer Syndicated Linux News 0 06-18-2010 09:20 PM
LXer: OpenLDAP Quick Tips: Creating encrypted passwords LXer Syndicated Linux News 0 11-19-2008 01:40 PM
Completely uninstalling MySQL and its passwords passwords...how? I locked myself out! Baix Linux - Newbie 2 01-30-2005 04:10 PM
creating encrypted passwords kidwired Linux - Security 3 01-12-2003 04:34 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration