Jump to content

Generate strong, memorable passwords with Crypt::HSXKPasswd


Recommended Posts

Doesn't work for me. It can't find xkpasswd.
 
For some reason, the workflow looks in /usr/local/xkpasswd. It's installed in /Library/Perl/5.18/Crypt/HSXKPasswd.

 

Are you using HSXKPasswd's built-in sample files to generate the passwords?

Edited by deanishe
Link to comment
  • 2 weeks later...

Doesn't work for me. It can't find xkpasswd.

 

For some reason, the workflow looks in /usr/local/xkpasswd. It's installed in /Library/Perl/5.18/Crypt/HSXKPasswd.

 

Are you using HSXKPasswd's built-in sample files to generate the passwords?

 

Thanks for the tip. I copied the Crypt files over to user/local and the script works. 

Link to comment

Thanks for the tip. I copied the Crypt files over to user/local and the script works. 

 

If I were you, I wouldn't use this workflow for the time being. It appears to generate passwords based on the sample word lists included. These lists are much too short to generate secure passwords from (unless they're 10+ words).

Link to comment
  • 2 weeks later...

very usefull workflow... the word list is quite short indeed, so just replace it with another one, or merge some of the samples (if you speak another non-english language)

:-)

That's one solution, and strictly for the tech savvy.

I have serious reservations about a workflow that promises "strong, memorable" passwords, but in fact provides insecure (but memorable) passwords by default. I've been debating editing the OP to make clear that it isn't secure, but held off in the hope that zkarj fixes the workflow.

OTOH, that kind of turns its other major issue (it doesn't actually work at all until you install some Perl libraries in weird locations) into a valuable feature!

Edited by deanishe
Link to comment

fyi the "small dictionary" issue is reported: https://github.com/bbusschots/hsxkpasswd/issues/11

That's the underlying library, right?

It's good that the issue has been reported, but I don't see that as being super relevant.

What matters (to me) is that this workflow claims to provide strong passwords, but doesn't. Having a crappy wordlist is one thing. Having a crappy wordlist and telling people it's great is quite another.

 

Also, I installed HSXKpasswd with 1 commandline: 

sudo cpan Crypt::HSXKPasswd
It's then instaled in /usr/local/bin/hsxkpasswd

So the Workflow worked without any adjustments/problems for me.

 

I used the same command, but it got installed in the location noted above, which means the workflow doesn't work.

IMO, any libraries should be installed in the workflow (i.e. distributed with it), so users don't have to dick around with sudo and risk breaking other software that requires a different version of some library or another.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...