Generating passwords.

May 20 2018

Data breaches are a fact of life in the twenty-first century - some site or other gets pwned and tens to hundreds of gigabytes of data get stolen.  If you're lucky just the usernames and passwords for the service have been taken; if you're not, credit card and banking information has been exfiltrated.  Good times.

You've probably wondered why stolen passwords are dangerous.  There are a few reasons for this: The first is that people tend to re-use passwords on multiple sites or services.  Coupled with the fact that many online services use e-mail addresses as usernames, this means that all someone has to do is try to log into... well, everything... with those stolen credentials and see which ones work.  The second is that attackers now have lists of passwords that people actually use, and not huge dictionaries of potential passwords assembled for completeness.  This means that password cracking attacks can be much more precisely targeted and will probably take less time.

There is no shortage of helpful suggestions for generating passwords that are relatively strong and easy to remember.  The one that I find the most useful is the Diceware technique, which is fairly straightforward.

  • Get a handful of six sided dice.
  • Take a large dictionary of words where each word is numbered, and each number consists only of the digits 1 through 6, e.g., 41524.
  • Roll the dice.  Find the word with the corresponding number in the dictionary.
  • Do this until you have a long passphrase.

It's a bit tedious, though.  Of course, people have written their own implementations of Diceware for various platforms and with varying states of usability.  I use plain old diceware on Windbringer, mostly because it's available through the AUR, but it lacks a few features that I really find useful.  For one, to mix things up I like to sprinkle numbers over my generated passwords, like so: rerun-anteater-idly-00877-lining-paddling-8283

(No, I don't really use that passphrase anywhere.  Come on.)
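The dice-and-dictionary steps above, plus the sprinkled numbers, as an added Python sketch (this is not the author's diceware.py and not the AUR diceware package).  Assumptions: a constructed 36-word sample list keyed by two dice stands in for a real 7776-word list keyed by five, digit groups are fixed at five digits, and every function name here is made up for illustration.

```python
import itertools
import math
import secrets

# Constructed 36-word sample list (two dice per word) so the block runs offline.
# A real Diceware list has 6**5 = 7776 entries, each keyed by five dice.
SAMPLE_WORDS = """anvil bacon cedar delta ember fjord
gravel hazel ivory jigsaw kettle lumen
magnet nectar onyx pebble quartz raven
saddle timber umber velvet walnut xenon
yonder zephyr acorn bison cobalt dune
ermine fennel garnet harbor indigo juniper""".split()

def build_wordlist(words):
    """Number the words with keys made only of the digits 1-6 (e.g. '41')."""
    dice = round(math.log(len(words), 6))
    if dice < 1 or 6 ** dice != len(words) or len(set(words)) != len(words):
        raise ValueError("need 6**n unique words, n >= 1")
    keys = ("".join(k) for k in itertools.product("123456", repeat=dice))
    return dict(zip(keys, words))

def roll(dice):
    """Roll `dice` six-sided dice with the OS CSPRNG, not the random module."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(wordlist, words=6, digit_groups=0, sep="-"):
    """One roll per word; optional digit groups land at random positions."""
    dice = len(next(iter(wordlist)))          # key length = dice per word
    parts = [wordlist[roll(dice)] for _ in range(words)]
    for _ in range(digit_groups):
        group = f"{secrets.randbelow(10**5):05d}"   # assumed: five digits
        parts.insert(secrets.randbelow(len(parts) + 1), group)
    return sep.join(parts)

def entropy_bits(wordlist, words, digit_groups=0):
    """Lower bound: counts word and digit choices, ignores group positions."""
    return words * math.log2(len(wordlist)) + digit_groups * math.log2(10**5)

if __name__ == "__main__":
    wl = build_wordlist(SAMPLE_WORDS)
    print(passphrase(wl, words=6, digit_groups=2))
    print(f"{entropy_bits(wl, 6, 2):.1f} bits with this 36-word sample list")
```

With a full 7776-word list each word is worth about 12.9 bits, so six words give roughly 77 bits before any digit groups are added; the 36-word sample list is far too small for real use.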

So, I decided to write my own Diceware utility in Python.  I wrote it to be as self-contained as possible, which is to say as long as you have Python installed on a system it should run.  The wordlist is built into the utility (which accounts for most of its size) and it's as easy to use as I can make it.  I deliberately did not make some options I prefer defaults because I wanted it to be as helpful to people as possible.  Per GNU standard, running ./diceware.py --help will print the online help.  It's also open source so feel free to use it anywhere you like.  I've tested it on Arch Linux and Mac OSX, and I don't see any reason why it wouldn't work on, say, Ubuntu or Raspbian.

Share and enjoy!

Technomancer tools: Managing and sharing bookmarks across multiple systems.

May 05 2018

If you have multiple systems (like I do), a problem you've undoubtedly run into is keeping your bookmarks in sync across every browser you use.  Of course, there are services that'll happily do this job on your behalf, but they're free, and we all know what free means.  If you're interested in being social with your link collection there are some social bookmarking services out there for consideration, including what's left of Delicious.  For many years I was a Delicious user (because I liked the idea of maintaining a public bookmark collection that could be useful to people), but Delicious got worse and worse every time it was sold to a new holding company.  I eventually gave up on Delicious, pulled my data out, and thought long and hard about how often anybody actually used my public link collection.  The answer wound up being "In all probability, not at all," largely because I never received any feedback at all, on-site or off.  Oh, well.

For a couple of years I used an application called Unmark to manage my link collection, and it did a decent enough job.  It also had some annoying quirks that, over time, got farther and farther under my skin, and earlier this year I kicked Unmark in the head and started the search for a replacement.  Quirks like, about half the time bookmarks would be saved without any of the descriptions or tags I gave them.  No search API.  The search function sucked so I couldn't plug my own search function in.  Eventually, the Unmark hosted service started redirecting to the Github repository, and then even that redirect went away.  Unmark hasn't been worked on in eight months, and Github tickets haven't been touched in about as long.  In short, Unmark seems dead as a doornail.

So I migrated my link collection to a new application called Shaarli, and I'm quite pleased with it.

Can't come up for air just yet.

May 04 2016

Hacking code and writing policy. I'll be able to come up for air soon.

Also, del.icio.us claims that they're migrating to their old URL and that everything is fine. Only everything's not fine, nobody's links load, their blog is now gone, and they're not responding to anybody trying to get in touch with them. I'm glad I was able to download my data (including all the stuff I want to write about when I get a chance) before their site started acting screwy again. I guess I'm going to need to set up my own online link manager...