Is it possible to use simple and easy-to-remember passwords and still maintain security?
Yes, it is possible with this: some web address
This is not a random password generator!
The user sets his own rule, and based on it, an algorithm generates an outgoing password of the desired length and format for a short and therefore easy-to-remember input.
It will give the same answer to the same input next time, and a different one to another input.
If the rule is different, then the outgoing passwords are different.
Use an easy-to-remember sentence that makes sense only for you!
For example
"our LinuX team has 7 skilled! members"
oLXth7s!m
"my friend Michael works 8-5 each day"
mfMw8-5ed
These are length 9. I would not go for less. Traditional Unix had 8 characters max; first crack attempts run with 8 or less.
I would not go for well-known excessive password rules like "minimum 2 digits, 2 lower, 2 upper, 2 special". Crack engines know them, compute them first.
Even if the time to compute all possible combinations is short nowadays, it will take much longer to actually try them out. Traditional Unix logins have a 3 seconds wait time after a failed attempt. IMHO better than blocking the access for an hour after 10 failed attempts.
Last edited by MadeInGermany; 02-15-2024 at 05:43 AM.
There's really no way to provide "security" if your front-line defense is "passwords" of any sort. You need to use something that is truly cryptographic.
For instance, use "OpenVPN with digital certificates and tls-auth" as your "moat, with a hidden drawbridge." Put anything that "requires a password" inside of that perimeter and block it from any access to/from the outside. Authorized users (with non-revoked unique certificates) merely click on an icon at the top of the screen and wait a few seconds for it to switch from grey to black. Unauthorized users get nowhere.
For truly-secure applications "inside the office," consider using a cryptographic-token system that can be physically attached to a terminal. Yes, Linux can support them.
Last edited by sundialsvcs; 02-15-2024 at 07:32 AM.
I think so. Just use a 'phrase' and sub a few chars with caps, numbers, and special chars. Doesn't take much to have over 14 chars (minimum at work) ... And easy to remember.
I would rather use a "keyword". Add some extra chars to it:
Code:
"keyword"
# split it
"key%word%"
# upper case
"Key%Word%"
# some numbers
"1Key%W0rd%2"
# reverse order, use your own idea,
# if you want you can add the url next to it, so you will have:
"1Key%W0rd%facebook?2"
"1Key%W0rd%google?3"
"1Key%W0rd%LQ?4"
And you only need to remember a few steps and a keyword.
And if you wish you can add your birthday to it,
As rclark says, using passphrases is the easiest way to gain strength whilst retaining memorability, (and not having to remember some obscure generative process).
Four words with a couple of modifications is easy to remember and sufficiently strong.
(Compressing phrases into 9 characters is an unnecessary step - sites that understand and care about security do not impose stupid length limits.)
Compressing phrases into 9 characters is an unnecessary step
+1. Just use the whole Phrase. 'LittleBoPeep' becomes something like '(+LittleB0Peep1982-)' . And no that isn't MY pass phrase!
BTW, at home, I use KeePass to store all my passwords as they need to be different per site, per bank, per whatever.... So the only one I 'need' to know is the one to get into my password vault. Could never remember them all.
You should read carefully and think about what the ng-xim program offers!
last time I edit this.
The outgoing key is generated from 5 words (key1...4, which you entered once in the config file, and the current input). This also includes the format command entered in the config file. The use of at least one of key1..4 is mandatory! How long a word/sentence you enter in the config file after key1...4 affects your security. The config file is saved by the program (with or without keywords, it's your choice). The strength of the outgoing password approx. corresponds to the character (key1..4+input+2).
Your profit is that after a one-time setting, your passwords will be easy to remember and still secure (if you set them carefully).
In other words, you type a long phrase once in your life, and then you can use simple short passwords every day. For example, you enter BANK and the program generates an extremely strong password from this plus the stored long sentence.
If you manage several users, you can give them the same password if they forget it. They won't call me again, because they have a PC, a LAPTOP, and two mobile phones, and of course the old password will remain on one of them, and the next call will come. If key1...4 is strong, the input may be very weak. E.g. username1, username2, ..., something you can easily remember, you don't need to write it down or search for it.
Yes, I would like the link to be visible.
This points to free software (ng-xim) that has been available for many years. It has Linux, Windows and Android versions. A new option has now been added to it that can be useful for everyone.
It allows us to use simple and easy-to-remember passwords, but still maintain security.
Content of the page shown by the link:
--------------------------------------------------------------------
Password protection
The media server and pavc-server that can be downloaded from our website contain very strong encryption. But as usual, it is also true that it is only really effective if users use sufficiently strong passwords. However, using and commenting on long and complicated character strings is extremely inconvenient.
Take the case of an encrypted file as an example. Let's assume that malicious attackers wrote a program that would cyclically try to open this file with new and new keywords.
For example, the time required for each attempt should be 0.01 sec. If the careless user only used a 3-digit key, it would take a maximum of 10 seconds to crack the file.
4-digit key: 100 seconds
6-digit key: 2 hours 47 minutes
8-digit key: 12 days
10-digit key: 3 years
If we use a mixture of numbers, punctuation marks, and upper and lower case letters in the keys, the strength of our key is roughly equivalent to that of a key consisting of only numbers twice as long. That is, for example, a key a/!W3 (5 characters) is as strong as the key 5791324680 (10 digits).
It will also be a weak key if easy-going people use frequently used (and thus easy to remember) words as keys. Attackers can start with a collection of such words.
Computer technology is developing rapidly. The above examples give an informative estimate based on the capacity of an average PC today, but there are already machines thousands of times faster today, and of course the future holds many more developments. Based on this, a prudent user should use at least one of these keys:
_5ywkyQgoa
!]u7oK1uW?W*
Good - good, but who notes this? To solve this problem, our software has been supplemented with a password generator. This gives users a convenient yet secure solution. Everyone can customize their own password generator. You can define several separate rules for different areas of use. And what is the point: after the correct setting, simple short passwords provide as much security as even a password with 30 mixed characters used to!
(Based on the above, the time to crack a password with 30 mixed characters would be 1e49 years.)
The use of the password generator within our program is automatic.
Since the problem of password management also exists in other applications, our software also provides password management for other programs or Internet access. To do this, it must be started with the following command:
ng-xim -KeyGen
When using the password generator for the first time, the following configuration is loaded:
# ATTENTION !!! Protect your config file with a strong password !!!
# General keyword:
# PORTABLE = 0/1 [default 0]
# (meaning: 0=copy protected; 1= you can copy and use this file on other computers)
#syntax of lines: rulename=keyword:value, keyword2:value2, ....
#keywords:
# default, (it has no value! meaning: this is the default rule),
# input:hidden/visible/visible_double, [default=visible]
# format:num-num/chr, [default=no format]
# num=2...5 (3-3; 3*5; 4x3; 5x2; ... )
# chr (optional)=1aB,aBc,ABC,abc,123 [default=1aB]
# minchar:number, [default=0x21='!']
# maxchar:number, [default=0x7a='z']
# keylen:number, (length of the generated keys [default=16])
# key1/4:_yourkeys, (these are parameters for keygen algorithm)
# a plain text keyword must start with '_' !
#Examples:
#RuleForFormatedGenKey= input:hidden, format:4*3, key1:_1, key2:_2, key3:_3, key4:_4
#RuleForGenKey=default, input:hidden, minchar:'!', maxchar:'z', keylen:10, key1:_1, key2:_2, key3:_3, key4:_4
#RuleForCharString=input:visible
Demo Format 5-3/ABC = format:5-3/ABC, key1:_1
Demo Format 3-5/123 = default, format:3-5/123, key1:_1
Demo Format 4*3/aBc = format:4-3/aBc, key1:_1
Demo Format 4x4 = format:4x4, key1:_1
Demo CHAR =
Demo CHAR hidden=input:hidden
Lines beginning with # are explanations. These are skipped by the software.
Each line of the configuration defines a rule. The generated keys can be formatted or bulk character strings.
If you want to share the keys with others, the formatted solution is more manageable. The format: 5-2/ABC e.g. generates such keys:
OSSXI-OBVOJ, XIXSS-GCLNG, CKKZG-WLNII
If, however, you only use it within our program, it is more appropriate, e.g. the keylen:20 setting which e.g. generates such keys:
[ym[O3E+15cK+9-e]IS3, y[3SI]e-9+Kc51+E3O[m, kMGkeW3S)+ocS-'C?5gW
key1...4 is the basic parameter of the generating algorithm. If we do not assign a value to any of them, then traditional key input is restored. If at least one of them has value, then the generating algorithm is activated. If you give them a new value, it must always start with a _ character! Each setting below will result in a different password:
key1:_little kitten
key2:_little kitten
key1:_small, key2:_kitty
By default, the settings are stored copy-protected. Individual rules can be transferred between PCs using export/import.
The PORTABLE=1 command is configuration-wide and allows the entire configuration to be copied between PCs. This is only allowed if you password-protect the file. Otherwise, the program (as with other passwords) stores the keys in an encrypted form, using a method that prevents copying.
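
A sketch of the kind of deterministic generator described in the post above, as an added example: it is not ng-xim's code, and ng-xim's actual algorithm is not shown on the page. It assumes PBKDF2-HMAC-SHA256 as the derivation; `derive_password`, `recover_input`, the rule names and the sample keys are hypothetical. The second function shows why the strength rests on the stored keys rather than on the short input, which is what the config-file warning is about.

```python
import hashlib
import hmac
import string

DEFAULT_ALPHABET = "".join(chr(c) for c in range(0x21, 0x7A + 1))  # page's minchar..maxchar

def derive_password(keys, user_input, rule, alphabet=DEFAULT_ALPHABET,
                    keylen=16, group=0, iterations=200_000):
    """Derive a repeatable password from four stored key slots and a short input.

    keys: tuple of four strings in the role of key1..key4 ("" = unset slot).
    group: if > 0, insert '-' every `group` characters (formatted output).
    """
    if len(keys) != 4 or not any(keys):
        raise ValueError("need four key slots with at least one set")
    # Length-prefix each field: the same word in slot 1 or slot 2 then differs,
    # and ("ab", "c") cannot collide with ("a", "bc").
    fields = [f.encode() for f in (*keys, user_input)]
    secret = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    # Slow KDF salted with the rule name: each guess costs `iterations` hashes.
    seed = hashlib.pbkdf2_hmac("sha256", secret, rule.encode(), iterations)
    # Rejection sampling avoids modulo bias when 256 % len(alphabet) != 0.
    limit = 256 - (256 % len(alphabet))
    chars, counter = [], 0
    while len(chars) < keylen:
        block = hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        chars.extend(alphabet[b % len(alphabet)] for b in block if b < limit)
        counter += 1
    password = "".join(chars[:keylen])
    if group:
        password = "-".join(password[i:i + group] for i in range(0, keylen, group))
    return password

def recover_input(keys, rule, target, candidates, **options):
    """With the stored keys known, only the short input remains to be guessed."""
    for guess in candidates:
        if derive_password(keys, guess, rule, **options) == target:
            return guess
    return None

if __name__ == "__main__":
    keys = ("little kitten", "", "", "")        # constructed sample secret
    print(derive_password(keys, "BANK", "web"))
    print(derive_password(keys, "BANK", "share", string.ascii_uppercase, 10, 5))
    leaked = derive_password(keys, "BANK", "web")
    print(recover_input(keys, "web", leaked, ["MAIL", "SHOP", "BANK"]))
```

The same keys, input and rule always give the same output, while moving a key to another slot or changing the rule name changes it. Once the key slots are known, a three-word candidate list is enough to find the input.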