11-14, 1994 (Volume 1)", 1994-17th-NCSC-proceedings-vol-1.pdf, pages 203-216)Īlso note that the FIPS 181 standard from 1993 has been withdrawn by NIST in 2015 with no superseding publication. Though: "Please note that there are security flaws in pronounceable password generation schemes (see Ganesan / Davis "A New Attack on Random Pronounceable Password Generators", in "Proceedings of the 17th National Computer Security Conference (NCSC), Oct. One thing to notice is that the only non-alphanumeric characters are / and +. This example output shows a pretty good jumble of characters. The for loop runs 12 times, so you get 12 passwords. Finally, cut slices off 12 characters to end with a 12-character password. The job of sed seems to be some further transformation so that the letters are mixed upper and lower case. The uuencode command can be obtained by installing the sharutils package. The feedback messages from dd are stripped out, and then the characters are passed on to uuencode, whose job it is to transform the characters so that all are printable (i.e., no control characters). You may have seen dd used to copy one disk to another, but in this case, it is used to generate one block of random characters with dev/urandom. The "meat" of the script is in the line beginning with do dd. I don't know all the details of how this works, but I have done a bit of research and experimentation.
#!/usr/bin/env shįor ((n=0 n /dev/null | uuencode -m - | sed -ne 2p | cut -c-12 Full disclosure: I found most of this script posted somewhere and made a minor modification to it. My mind often seems to draw a blank when I have to create a new login, and this short Bash script fills that void. Periodically, I need to come up with new passwords, some of which need to be more secure than others.
0 kommentar(er)
