Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Request for comments - loplop

Uncle Zzzen unclezzzen at
Mon Oct 29 02:04:04 PDT 2012

Perhaps you're familiar with oplop (
) - a fire-and-forget reproducible password generator.
It's simple (not much code to review) and relieves users of needs like
always having access to an encrypted password storage (or inventing
and remembering many easy-to-remember-yet-hard-to-guess passwords).

The only problem is that oplop generates 8-character-long passwords,
which makes it susceptible to brute-force attacks (e.g. rainbow

I've written something called loplop (longer oplop) that produces
16-character-long passwords by default (but can easily be told to be
My first attempt was to offer this to the Oplop community, but it
didn't work out (
) so I "went solo" instead:

Out of the many Oplop implementations ( ), I've only
forked the CLI and Android ones (the ones I need). If you think loplop
is a good idea - feel free to implement others.

My question is: do you see any weaknesses in the passwords loplop generates?
I.e. given a password's hash (say - an unsalted MD5), would knowing
that it was a loplop-generated password give you any advantage in
cracking it?

The Dod

More information about the liberationtech mailing list