[liberationtech] Request for comments - loplop
Uncle Zzzen
unclezzzen at gmail.com
Mon Oct 29 02:04:04 PDT 2012

Perhaps you're familiar with oplop ( https://code.google.com/p/oplop/ ) -
a fire-and-forget reproducible password generator.

It's simple (not much code to review) and relieves users of needs like
always having access to an encrypted password storage (or inventing
and remembering many easy-to-remember-yet-hard-to-guess passwords).

The only problem is that oplop generates 8-character-long passwords,
which makes it susceptible to brute-force attacks (e.g. rainbow
tables).

I've written something called loplop (longer oplop) that produces
16-character-long passwords by default (but can easily be told to be
oplop-compatible).

My first attempt was to offer this to the Oplop community, but it
didn't work out ( https://code.google.com/p/oplop/issues/detail?id=94 )
so I "went solo" instead:
https://github.com/thedod/loplop#readme

Out of the many Oplop implementations
( https://code.google.com/p/oplop/wiki/Implementations ), I've only
forked the CLI and Android ones (the ones I need). If you think loplop
is a good idea - feel free to implement others.

My question is: do you see any weaknesses in the passwords loplop generates?
I.e. given a password's hash (say - an unsalted MD5), would knowing
that it was a loplop-generated password give you any advantage in
cracking it?

Thanks,
The Dod