|
This thread is locked; no one can reply to it. |
1
2
|
Linux Part 2 |
Tobias Dammers
Member #2,604
August 2002
|
van_houtte said: I've also heard great many things about zsh, any docs you'd recommend? "man zsh" gives you a list of zsh man pages. It's one of the best-documented packages I've seen so far; there is so much documentation that they had to split it up into about a dozen man pages. If you know your way around bash, zsh should be easy enough to pick up - most of what you know from bash works exactly the same, but there's a ton of extra features. Quote: I dont like carrying stuff around me, so I have my keys saved in a server, to access that server, i dont use keys, just keyboard based authentication. That server is my gateway to all my other servers. It's a compromise but my password and username is strong enough for now. You can carry them around just fine, as long as you protect them with a strong passphrase. General advice:
As far as strong passphrases go, you need:
Now pick four to six random words from those lists. Go with the first passphrase the RNG spits out. This thing gets it almost right - I wouldn't trust an online password generator for this though. --- |
Matthew Leverton
Supreme Loser
January 1999
|
A four word pass phrase has the complexity of a four character password. |
Arthur Kalliokoski
Second in Command
February 2005
|
Matthew Leverton said: A four word pass phrase has the complexity of a four character password. You have a 100 word vocabulary? They all watch too much MSNBC... they get ideas. |
bamccaig
Member #7,536
July 2006
|
Tobias Dammers said:
The primary remote machine that I SSH into is my VPS, which I have no physical access to. I don't trust myself to keep backup keys around, and I'm afraid that I'll eventually rm -fR keys or something similar (or I'll format my machine without making backups, which I've already done a few times, albeit somewhat intentionally). As it is, denyhosts already does a good job of locking me out from certain locations every few months. I haven't figured out a good key management strategy yet. As it is, I just recently started on a new machine at j0rb, and I haven't registered public keys yet with GitHub or my Fedora Account so I've had to use anonymous access. As a workaround, since it's so much more trouble to register keys with each of those, I've registered keys with my VPS and created a bare repo on my VPS for each repository that I'm active with right now. I push to my VPS, then I SSH there, pull into a working repository, and push to the origin on GitHub from there. -- acc.js | al4anim - Allegro 4 Animation library | Allegro 5 VS/NuGet Guide | Allegro.cc Mockup | Allegro.cc <code> Tag | Allegro 4 Timer Example (w/ Semaphores) | Allegro 5 "Winpkg" (MSVC readme) | Bambot | Blog | C++ STL Container Flowchart | Castopulence Software | Check Return Values | Derail? | Is This A Discussion? Flow Chart | Filesystem Hierarchy Standard | Clean Code Talks - Global State and Singletons | How To Use Header Files | GNU/Linux (Debian, Fedora, Gentoo) | rot (rot13, rot47, rotN) | Streaming |
Matthew Leverton
Supreme Loser
January 1999
|
Arthur Kalliokoski said: You have a 100 word vocabulary? Of course I exaggerate, and if you pick rare words, then it's not too bad. But, for example, that site provided: camera outside final sink If those common words are all in a 500 word list, you have 62,500,000,000 combinations. That's somewhere between the complexity of a 6 and 7 letter word that contains only uppercase letters, lowercase letters, and numbers. |
Derezo
Member #1,666
April 2001
|
Solution: kahmra owtseid feinle cynk "He who controls the stuffing controls the Universe" |
Arthur Kalliokoski
Second in Command
February 2005
|
But how do you know you'll misspell them the same way every time? Same with leet-speak. They all watch too much MSNBC... they get ideas. |
Neil Walker
Member #210
April 2000
|
Just think of a four letter word and add 12 fullstops to the end. "Neil............" will take 23.89 million centuries to crack. https://www.grc.com/haystack.htm The problem with passwords isn't the size or the complexity, once somebody has one cracked (e.g. a website storing it plain text), then they've usually got into 50 other websites you visit. Think of a phrase and always keep it the same, e.g. 'clever horse staple magnet', then for each website think of a word, e.g. the name of the site or your username, e.g. 'allegro'. Write a little app to generate a hash on the two and you have a completely random massively long and unique password that you don't have to remember. Neil. wii:0356-1384-6687-2022, kart:3308-4806-6002. XBOX:chucklepie |
Tobias Dammers
Member #2,604
August 2002
|
Matthew Leverton said: Of course I exaggerate, and if you pick rare words, then it's not too bad. But, for example, that site provided: It doesn't matter much whether the words are rare or not; as long as your lists are long enough, the entropy is going to be large, and the longer your lists, the smaller the chance for a common word randomly appearing. 4 words from a list of 2048 will give you 44 bits of entropy, and it's going to be easy to remember. With random characters, you can get roughly the same entropy using 9 characters from a set of 64. 'brain wide attack relationship', however, is much easier to remember than 'mgoaRUd6I'. Boost the entropy to 55, and you'll need 11 characters - 'soon garden pain musical car' is easy, 'jtGObH2JUz5' is not. If you want even more entropy without using more words, add other languages to your list. Combine English, French, German and Spanish, 2048 words from each, and you'll get 176 bits of entropy for your four-word passphrase ('generalite hackfleisch gegenpol inanimate'). Even if you cut the entropy in half to account for overlapping and similar words between the languages, the random-character equivalent would still be an 18-character monstrosity such as '~j1Aaft3Wec~evkeo8'. Have fun with that. --- |
Thomas Fjellstrom
Member #476
June 2000
|
Tobias Dammers said: It doesn't matter much whether the words are rare or not; as long as your lists are long enough, the entropy is going to be large, and the longer your lists, the smaller the chance for a common word randomly appearing. Sure, though those examples you gave are just dictionary words, which are easy prey to dictionary attacks. -- |
Tobias Dammers
Member #2,604
August 2002
|
Thomas Fjellstrom said: Sure, though those examples you gave are just dictionary words, which are easy prey to dictionary attacks. If you pick only one, and don't do it randomly, then yes. Four random words out of 2048 are just as good as (or even slightly better than) 8 random characters out of 64. --- |
Matthew Leverton
Supreme Loser
January 1999
|
I have no problem remembering fifteen character passwords of random letters and numbers... Once you type the password a few times, it should be committed to "muscle memory," even if you cannot actually recite the letters apart from typing them. |
Arthur Kalliokoski
Second in Command
February 2005
|
Matthew Leverton said: I have no problem remembering fifteen character passwords of random letters and numbers... Once you type the password a few times, it should be committed to "muscle memory," even if you cannot actually recite the letters apart from typing them. But how often do you switch to a new password? They all watch too much MSNBC... they get ideas. |
Tobias Dammers
Member #2,604
August 2002
|
Matthew Leverton said: I have no problem remembering fifteen character passwords of random letters and numbers... Then you are different from most people. A normal person's reaction to random-8-character-passwords is to put it in a A normal person's reaction to a typical 8-character-mixed-chars password requirement is 'password-1' or 'susan1980!'. Some people try to be smart and pick 'p@55w0rd' or 's3cr1t!!' or such, which is just as silly. But then, if you suggest passphrases, people will use hook lines from pop songs and movie quotes, which isn't exactly a good idea either. --- |
Don Freeman
Member #5,110
October 2004
|
Don't know if you ever tried it, but Zorin Linux is pretty neat if you are more familiar with Windows, but want to try Linux. You can run most Windows programs under it...uses a mix between Wine and a Virtual Box virtual machine. You can create links to the Windows programs and run them just by clicking them. It's still Linux, so you have to know some stuff, but all in all...I think it's pretty good for those wanting to switch from Windows to Linux. -- |
Specter Phoenix
Member #1,425
July 2001
|
Well I decided to try vim, hoping to tease bamccaig that it sucked. Sadly I got made bamccaig's b!tch this time as I actually like using it more than geany. The learning curve for it is surprisingly shallow (if you do vimtutor after installing vim) otherwise the curve is a little steeper as you have to read the docs to learn it. *starts mumbling curses at bamccaig*
|
Trezker
Member #1,739
December 2001
|
Suggestion for checking how safe a password is. |
Tobias Dammers
Member #2,604
August 2002
|
Specter Phoenix said: The learning curve for it is surprisingly shallow (if you do vimtutor after installing vim) otherwise the curve is a little steeper as you have to read the docs to learn it.
1. Install vim This will get you to the break-even point in two to four weeks, and from there, it's a slippery slope - a year later, you'll be using dwm, lynx, mutt, and irssi. --- |
Trezker
Member #1,739
December 2001
|
I think 50 commands is a bit much for a "most important" list. |
bamccaig
Member #7,536
July 2006
|
You'd use up 4/5 just to describe how to move the cursor (in the most rudimentary way). -- acc.js | al4anim - Allegro 4 Animation library | Allegro 5 VS/NuGet Guide | Allegro.cc Mockup | Allegro.cc <code> Tag | Allegro 4 Timer Example (w/ Semaphores) | Allegro 5 "Winpkg" (MSVC readme) | Bambot | Blog | C++ STL Container Flowchart | Castopulence Software | Check Return Values | Derail? | Is This A Discussion? Flow Chart | Filesystem Hierarchy Standard | Clean Code Talks - Global State and Singletons | How To Use Header Files | GNU/Linux (Debian, Fedora, Gentoo) | rot (rot13, rot47, rotN) | Streaming |
Trent Gamblin
Member #261
April 2000
|
xxd. Dumps files in various formats. You can get a hex editor style dump, and you can modify it and then "reassemble" it. You can also create headers from binary files with -i, which is perfect for Allegro 5's memfile addon.
|
GullRaDriel
Member #3,861
September 2003
|
Doxygen can parse your code and generate call graphs and a documentation if only you followed some nifty commenting syntax. It's available under windows and linux, there is a command line tool as weel as a gui. it's also freeeeeee "Code is like shit - it only smells if it is not yours" |
Thomas Fjellstrom
Member #476
June 2000
|
valgrind's callgrind can also do some nice call graphs \o/ in fact, I highly recommend valgrind in general. -- |
weapon_S
Member #7,859
October 2006
|
I forgot about valgrind, but for the rest the programs I use in Linux are about the same I use in Windows. Vim is scary My masochistic project for now is learning to use a tracker (i.e. MilkyTracker a FastTracker II clone) |
|
1
2
|