Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Request for comments - loplop

Uncle Zzzen unclezzzen at gmail.com
Mon Oct 29 02:04:04 PDT 2012


Perhaps you're familiar with oplop ( https://code.google.com/p/oplop/
) - a fire-and-forget reproducible password generator.
It's simple (not much code to review) and relieves users of needs like
always having access to an encrypted password storage (or inventing
and remembering many easy-to-remember-yet-hard-to-guess passwords).

The only problem is that oplop generates 8-character-long passwords,
which makes it susceptible to brute-force attacks (e.g. rainbow
tables).

I've written something called loplop (longer oplop) that produces
16-character-long passwords by default (but can easily be told to be
oplop-compatible).
My first attempt was to offer this to the Oplop community, but it
didn't work out ( https://code.google.com/p/oplop/issues/detail?id=94
) so I "went solo" instead:

https://github.com/thedod/loplop#readme

Out of the many Oplop implementations (
https://code.google.com/p/oplop/wiki/Implementations ), I've only
forked the CLI and Android ones (the ones I need). If you think loplop
is a good idea - feel free to implement others.

My question is: do you see any weaknesses in the passwords loplop generates?
I.e. given a password's hash (say - an unsalted MD5), would knowing
that it was a loplop-generated password give you any advantage in
cracking it?

Thanks,
The Dod



More information about the liberationtech mailing list