Adam

Authored Comments

Though: "Please note that there are security flaws in pronounceable password generation schemes (see Ganesan / Davis "A New Attack on Random Pronounceable Password Generators", in "Proceedings of the 17th National Computer Security Conference (NCSC), Oct. 11-14, 1994 (Volume 1)", http://csrc.nist.gov/publications/history/nissc/1994-17th-NCSC-proceedings-vol-1.pdf, pages 203-216)

Also note that the FIPS 181 standard from 1993 has been withdrawn by NIST in 2015 with no superseding publication. This means that the document is considered by its publisher as obsolete and has not been updated to reference current or revised voluntary industry standards, federal specifications, or federal data standards.

apg has not seen upstream attention since 2003, upstream is not answering e-mail, and the upstream web page does not look like it is in good working order. The Debian maintainer plans to discontinue apg maintenance as soon as an actually maintained software with a comparable feature set becomes available."

https://packages.debian.org/buster/apg

Don't forget the famous "Correct Horse Battery Staple" cartoon...

https://xkcd.com/936/

I much prefer pass-phrases when I'm allowed, as the length really does help in remembering what they are, and for the overall security.

Don't even get me started on the evils of password ageing..!