Is this a secure way to generate passwords?
SET /p password=Enter password#
SET /p rounds=Enter rounds#
php.exe -r "$password = '%password%'; for ($x = 0; $x <= %rounds%; $x++) {$password = hash('sha512', $password);} echo $password; echo PHP_EOL;"
So I have an easy to remember password like "cats" or whatever and then hash it an arbitrary number of times to generate a long password I can't remember. All I have to remember is the original easy password and the number of times it was hashed. An attacker would need to know both pieces of information to generate the real password. Good idea or is there a serious flaw in my thinking? Thanks for your help
Rehashing is considered an absolutely bad idea for security reasons, mainly because you might create hash collision problems in the future.
For now sha512 is safe to hash collision but since we are going to have quantum computers in a matter of years expect troubles.
In any case, hashing a hash is considered unsafe and not recommended.
Adding: use HMAC instead or bcrypt since you are using php.
Just generate random passwords consisting of 4096 Unicode characters and store them in an encrypted text file
date | md5sum
>>61692105
#!/bin/bash
if [ $# -ne 2 ]
then
echo "This script needs exactly 2 command-line arguments!"
exit 1
fi
echo $(echo -n "$1@$2" | sha3sum -a 512 | xxd -r -p | base64 -w0)
This is how I create my passwords, I would use pbkdf2 with sha3 and with like 2^16 iterations if it was easier to.
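The PBKDF2 variant mentioned in the post above, as an added example that is not part of the thread or written by any poster: PBKDF2-HMAC-SHA3-512 with 2^16 iterations, Base64-encoded like the script's output. The names `master`, `site`, `derive_password` and `pbkdf2_reference`, and the use of the second input as the salt, are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 2 ** 16  # the "2^16 iterations" figure from the post


def derive_password(master: str, site: str,
                    iterations: int = ITERATIONS, length: int = 32) -> str:
    """Derive a per-site password with PBKDF2-HMAC-SHA3-512.

    `site` is used as the salt (an assumption of this example), so the same
    master secret gives unrelated outputs for different sites.
    """
    if not master or not site:
        raise ValueError("master and site must both be non-empty")
    raw = hashlib.pbkdf2_hmac("sha3_512", master.encode("utf-8"),
                              site.encode("utf-8"), iterations, dklen=length)
    return base64.b64encode(raw).decode("ascii")


def pbkdf2_reference(password: bytes, salt: bytes,
                     iterations: int, length: int) -> bytes:
    """PBKDF2 from RFC 8018 written out, to show what the iteration does.

    Each output block is the XOR of `iterations` chained HMAC values, keyed
    with the password; this is not the same as hashing a hash in a loop.
    """
    out = b""
    block = 1
    while len(out) < length:
        # U_1 = HMAC(password, salt || INT_32_BE(block))
        u = hmac.new(password, salt + block.to_bytes(4, "big"), "sha3_512").digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            # U_i = HMAC(password, U_{i-1}); T = U_1 xor U_2 xor ... xor U_c
            u = hmac.new(password, u, "sha3_512").digest()
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(64, "big")  # SHA3-512 digest is 64 bytes
        block += 1
    return out[:length]


if __name__ == "__main__":
    import getpass
    import sys
    # Read the master secret without echo so it stays out of shell history.
    print(derive_password(getpass.getpass("Master secret: "), sys.argv[1]))
```

The derived string is no stronger than the master secret; the iteration count only raises the cost of each guess.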
>>61692299
>Rehashing is considered an absolutely bad idea for security reasons
Bullshit
>mainly because you might create hash collision problems in the future.
Wut
>For now sha512 is safe to hash collision
What the fuck is this supposed to mean?
>but since we are going to have quantum computers in a matter of years expect troubles.
Quantum computers won't magically break sha512.
>In any case, hashing a hash is considered unsafe and not recommended.
Yeah, no.
>>61692386
I would suggest to just take 512 bits from urandom and convert them to base64, however it would be somewhat difficult to keep that in your mind.
>and store them in an encrypted text file
You would need a way to encrypt that file.
>>61692105
I just smack my head onto the keyboard while tapping Shift spastically
You want a password manager.
>>61692105
>php.exe
LOL
KeePass + SyncThing has done great for me. ¯\_(ツ)_/¯.
Generate a passage from the Bible like Terry does with gw. Get the first word and the last. Example: king + tithe. Make your own password out of that, e.g. k1nGt1th3