Jump to content
zkarj

Generate strong, memorable passwords with Crypt::HSXKPasswd

Recommended Posts

As a followup to my earlier workflow, here's a new one which uses the recently updated xkpasswd library, now known as Crypt::HSXKPasswd.

 

It lets you generate secure, memorable passwords easily, directly to your clipboard for pasting into those signup forms. A variety of options are provided based on the presets used at xkpasswd.net.

 

Details over on my blog.

 

 

Share this post


Link to post

Doesn't work for me. It can't find xkpasswd.
 
For some reason, the workflow looks in /usr/local/xkpasswd. It's installed in /Library/Perl/5.18/Crypt/HSXKPasswd.

 

Are you using HSXKPasswd's built-in sample files to generate the passwords?

Edited by deanishe

Share this post


Link to post

Doesn't work for me. It can't find xkpasswd.

 

For some reason, the workflow looks in /usr/local/xkpasswd. It's installed in /Library/Perl/5.18/Crypt/HSXKPasswd.

 

Are you using HSXKPasswd's built-in sample files to generate the passwords?

 

Thanks for the tip. I copied the Crypt files over to user/local and the script works. 

Share this post


Link to post

Thanks for the tip. I copied the Crypt files over to user/local and the script works. 

 

If I were you, I wouldn't use this workflow for the time being. It appears to generate passwords based on the sample word lists included. These lists are much too short to generate secure passwords from (unless they're 10+ words).

Share this post


Link to post

very usefull workflow... the word list is quite short indeed, so just replace it with another one, or merge some of the samples (if you speak another non-english language)

 

:-)

Share this post


Link to post

very usefull workflow... the word list is quite short indeed, so just replace it with another one, or merge some of the samples (if you speak another non-english language)

:-)

That's one solution, and strictly for the tech savvy.

I have serious reservations about a workflow that promises "strong, memorable" passwords, but in fact provides insecure (but memorable) passwords by default. I've been debating editing the OP to make clear that it isn't secure, but held off in the hope that zkarj fixes the workflow.

OTOH, that kind of turns its other major issue (it doesn't actually work at all until you install some Perl libraries in weird locations) into a valuable feature!

Edited by deanishe

Share this post


Link to post

fyi the "small dictionary" issue is reported: https://github.com/bbusschots/hsxkpasswd/issues/11

That's the underlying library, right?

It's good that the issue has been reported, but I don't see that as being super relevant.

What matters (to me) is that this workflow claims to provide strong passwords, but doesn't. Having a crappy wordlist is one thing. Having a crappy wordlist and telling people it's great is quite another.

 

Also, I installed HSXKpasswd with 1 commandline: 

sudo cpan Crypt::HSXKPasswd
It's then instaled in /usr/local/bin/hsxkpasswd

So the Workflow worked without any adjustments/problems for me.

 

I used the same command, but it got installed in the location noted above, which means the workflow doesn't work.

IMO, any libraries should be installed in the workflow (i.e. distributed with it), so users don't have to dick around with sudo and risk breaking other software that requires a different version of some library or another.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...