Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
205
hpr_transcripts/hpr2393.txt
Normal file
205
hpr_transcripts/hpr2393.txt
Normal file
@@ -0,0 +1,205 @@
|
||||
Episode: 2393
|
||||
Title: HPR2393: PWGen - A password generator
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2393/hpr2393.mp3
|
||||
Transcribed: 2025-10-19 02:12:14
|
||||
|
||||
---
|
||||
|
||||
This in HPR episode 2,393 entitled, BW Gen a password generator, it is hosted by Note and
|
||||
in about 23 minutes long and carry a clean flag.
|
||||
The summary is, Note talks about how he uses BW Gen to set people's passwords at work.
|
||||
This episode of HPR is brought to you by an honesthost.com, get 15% discount on all shared
|
||||
hosting with the offer code, HPR 15, that's HPR 15.
|
||||
Better web hosting that's honest and fair at An honesthost.com.
|
||||
Hi this is Zoke, today I want to talk about PW Gen, I know that Klaatu did one recently
|
||||
about PC Gen, the player character generator.
|
||||
Well this is actually the password generator, although we could always pretend it's the player
|
||||
wife generator or player wolf generator, something, anyway PW Gen, you can probably just Google
|
||||
for it.
|
||||
On sourceforge, PW Gen dash win dot sourceforge dot net, you can find that, and if I can
|
||||
remember my phonetic alphabet, at papa whiskey golf echo november dash or hyphen, whiskey
|
||||
india november dot Sierra oscar uniform Romeo Charlie echo foxtrot oscar Romeo G golf echo
|
||||
dot november echo tango almost all the way through, but yes PW Gen dash win dot sourceforge
|
||||
dot net.
|
||||
If you, and I'm just going to try that, Google PW Gen, it is actually the first link there.
|
||||
So what does it do, it generates passwords, now I'm sure you're saying so, but last
|
||||
pass, yeah use last pass, I do, last pass is awesome, they even went free recently which
|
||||
is even better, I mean I still actually pay them because I think it's worth making sure
|
||||
they, they, they realize how useful it is, but basically last pass will do really long
|
||||
passwords, it will remember, it will also fill few blah blah blah stuff, there's a ton
|
||||
of cool things, I'm not sure if anyone's actually done an episode on last pass or passwords
|
||||
in general, this is where I searched and I found that it was me that did one, I cannot
|
||||
obviously see, I want to, who could do one, so there we go, yeah, someone has talked
|
||||
about it, so I'm not going to go too much about it, I used last pass, I actually got worked
|
||||
by last pass for, for use for, for our IT team, so that's very useful, but quite often
|
||||
I will have to reset someone's password, I will need to tell them that password, well
|
||||
your password, it's capital G, it's a lowercase U, it's the seven, it's star, star, yes,
|
||||
yes, no, not STAR, there's the shift 8, shift, shift, you, you don't know what the key
|
||||
shift is, and then I feel like I'm a character from the IT crowd, hello you from the past,
|
||||
I apologize to everyone for that impersonation there, by the way, so PW Gen is a wonderful
|
||||
little program you can run it portable, because a lot of people at work will not have the
|
||||
ability to have local admin accounts, in fact you shouldn't be able to install stuff,
|
||||
I work in IT, so I do know the local admin account and I have a domain admin account, but
|
||||
my regular user account is not domain admin account install stuff, that's where it should
|
||||
be your separate powers, so you know, separation of two into state, however you want to
|
||||
explain it, but basically you should not have local admin, you should not have the
|
||||
domain admin as your regular user account, it's a massive security risk, it's very useful
|
||||
though sometimes, but you can run the portable version of PW Gen, and that means you don't
|
||||
have to install it, so you run password Gen, there are bunch of options I'll quickly go
|
||||
through some of these icons at the top are load, create, delete profiles, I've never
|
||||
done anything with those, generate passwords based on a master password, I don't do that,
|
||||
clipboard text encryption, left click or decryption right click, I don't do that, clear clipboard
|
||||
text content only, I don't do that, change main configuration of the program, I don't
|
||||
do that, over news manual, I don't do that, now if you need any of those stuff very cool,
|
||||
there's a bunch of things that are great, I basically just use it for password generation,
|
||||
so the three options you have are, number one, we have include characters or passwords,
|
||||
number two include words, which is past phrases, so if you've read that xkcdr to the correct
|
||||
horse battery staple, that's that one, and the last one is format password, now if you're
|
||||
doing this for work, include characters, I used last past for that, I don't care, but
|
||||
what you can do is have it make 12 upcase, lowercase numbers, so if I actually select that,
|
||||
the default length is 12, character set is upcase, lowercase number, I hit generate, we
|
||||
have lowercase a, lowercase o, the number six, capital T, capital G, lowercase q, lowercase
|
||||
a, lowercase v, number five, number two, lowercase c, lowercase v, imagine on the phone,
|
||||
what's my password, oh it's a lowercase a, lowercase o, number six, uppercase T, uppercase
|
||||
G, lowercase, so are you writing this down, are you trying to type this in, lowercase
|
||||
a, lowercase o, the number six, six, lowercase T, sorry uppcase T, T, no, not the, T is in
|
||||
Thomas, M is in Mancy, no, so that's horrible to explain, I don't use that, number two,
|
||||
include words, past phrases, defaults five, it pulls some random default word list, if
|
||||
I generate that, we have sink, dorsen, muck, new, flow, that's better, one issue with that
|
||||
is that it is just lowercase and spaces, it does not have anything else, the default
|
||||
slightly complicated passwords in windows is three of the four of uppercase, lower, number
|
||||
and special, this only has two, it has spaces which counts as special and lowercase, it
|
||||
will fail, it does 25 characters as long as can along, but you can change the number
|
||||
that's a three, but I do not use the words, I actually use format passwords, now if you
|
||||
click on the format passwords on the right there is a blue question mark, if you click
|
||||
on that question mark, it gives you the quick help, format specifiers have the form, quotes,
|
||||
percent, open square brackets, star, close square brackets, open square brackets, n,
|
||||
close square brackets, x quotes or really, really, dry isn't it, basically there's a list
|
||||
of placeholders, two columns in the middle ish and it tells you what they are, percent
|
||||
x is custom character set, that's set up in options, I don't worry about that, percent
|
||||
a lowercase a is lowercase character and a number, percent capital a is uppercase, lowercase
|
||||
numbers, things like that, the main ones you will want, percent d is digits, so the numbers,
|
||||
percent u is uppercase, percent l, lowercase l is lowercase and percent s is special,
|
||||
lowercase s, those are the big ones, there's also percent capital w which is words, so format
|
||||
password, percent capital w, percent, lowercase s and percent, lowercase d, d, that is for
|
||||
digit, if we generate that, it says rain number six, that's r e i n, what it's doing is
|
||||
creating one word, one special, one digit, now, let's actually change that to percent
|
||||
three uppercase w and hit generate, the uppercase w means words without spaces between them,
|
||||
that is two, is seven c-bam, I guess, that's not really words, we'll come back to the word
|
||||
list in a moment, but if I hit generate again, we're doing weird ones today, here we go, that's
|
||||
a bit better, start link his land plus seven, that's reasonably good, assuming you can spell
|
||||
and you know how to spell link, by the way, the obvious answer is how do you spell link is
|
||||
that the animal or the connection, this one is the animals, it's lync, so you get a few
|
||||
interesting words like that, but start link the animal, his land plus seven, you should be able to
|
||||
write that out exactly as I have it in front of me, so if I've reset your password, you should be
|
||||
able to look in exactly as that, it makes an 18 character password, it's nice and long, I can
|
||||
go in through a whole episode of how stupid Microsoft get with their passwords and why anything
|
||||
under a 14 character password, 14 characters are less, by the way, it's stupid in Windows,
|
||||
basically old way of doing it, they split the 14 into two seven character passwords, you can
|
||||
break them in like three seconds on any machine made in the last five years, useless, if you have
|
||||
15 characters or more, it forces the new way, which will take here like years to break, so,
|
||||
so 15, it's easy to read over the phone, it assuming people can spell, should be easy for them to
|
||||
type in, and it is all lowercase, you don't have to be uppcase, s, lowercase, t, uppcase, a,
|
||||
it's just start link his island plus seven, it matches the upp, uppcase, lowercase number,
|
||||
special three of this four in this case, no uppcase, but lower, special and number, so it will
|
||||
match the word, the Windows password requirements, complexity requirements, so it should be perfect in
|
||||
all ways, now let's do another generate, win, slav, 85, open brackets, three, 85 is not a number,
|
||||
sorry, 85 is a number, it's not a word, for some reason they have a very strange word list,
|
||||
yes it's words, but it's also this at symbol and other things like that, I do not like that, now,
|
||||
I did find a better word list, and I can't remember how I did it, I think I searched for a
|
||||
Scrabble word list, and used 4567 character passwords, sorry 4567 character words,
|
||||
and that was enough to give a nice selection, so we didn't have four single character passwords,
|
||||
and oh I'm sorry your password must be eight characters or longer, whatever, this way it's long
|
||||
enough, it's easy enough, Scrabble word lists four letters,
|
||||
wordfind.com has four letter words, here we go, here's a bunch 403, so 4,030 words found,
|
||||
and Chrome saying would you like to translate this page, interesting, but you could take something
|
||||
like that, you can combine it with four and five and six and seven letter words, and again,
|
||||
wordfind seems to have that, for example, so you could pull that down, I actually found a downloadable
|
||||
version, you can use something like that, and it will give you a decent password, decent enough,
|
||||
you can tell someone on the phone and explain it to them nice and clearly,
|
||||
that's basically it, that is what I do now, what I do at work is, and if you run the program
|
||||
if you're playing along at home, at the very bottom there is a random pool, it's entropy bits,
|
||||
and says number over another number, this case mine says 591 of 256, as you move the mouse around,
|
||||
as you click, as you type letters, it pulls that entropy in, it takes what numbers, what letters
|
||||
the time between, I'm making this up, I haven't actually read the source code, but it's doing
|
||||
something like this, it's taking the letters, the mouse movements, the time between it, the current
|
||||
time, the, how big your hard drive is, how full it is, a bunch of random stuff like that, and
|
||||
using that to seed this entropy pool, so the more you move the mouse around you do it, so what I
|
||||
actually did, so I ran it, I worked all day and at the end of the day I generated the passwords,
|
||||
it will, it doesn't require the entropy, it just makes better passwords if you do this, so my
|
||||
entropy bits are now 731, and if I hit generate it will take 256, or so off, and now I am done to 219
|
||||
256, oh now it's back up because I'm moving the mouse, but I'm waving like you can see my screen,
|
||||
unless you work for the NSA you probably can't, so you move the mouse around and
|
||||
there's a bar at the bottom, the more times you hit generate, the more it goes down the bar, and
|
||||
then it shows how much entropy is remaining from this round of pool, the idea is that it's
|
||||
better passwords, now I don't care really, if you're paranoid you can say yes, but I'm going to
|
||||
reset someone's password, I'm going to phone them up, I'm going to say this is your password,
|
||||
your password is, evolve, whack, myopia, pound sign 2, 19 characters, there we go,
|
||||
takes sometimes a moment to figure out where the words split up, but you can copy and paste that
|
||||
straight into active directory users and computers, right click reset password, paste that's the
|
||||
password, bring the user up, your password is now evolve, whack, myopia number 2, okay myopia is
|
||||
maybe a little difficult, so hit generate, p2 just rapid star 6, yeah that's not very good, Ivan
|
||||
bulge, I don't, i-e-e-e, i-e-e, lux attic froze, bask even zan, so again some of them are a bit weird,
|
||||
you may want to take common words, so list of common five letter words, comes up five letter words
|
||||
free dictionary, the free dictionary dot com slash five letter words with hyphen's in between
|
||||
dot htm, there's a bunch, so you can grab that and I don't know if it will let you download,
|
||||
list, all right download list of common five letter words, this list stanford cs is a nice decent set
|
||||
of words, there we go, excellent, so we can take that, I'm going to right click and save link
|
||||
as url.com, now let's take that file save sgb words dot text, I'm going to just throw that into
|
||||
wherever I put the password generator, which I can't remember, there, now back in the password
|
||||
gen program, we have, if I can find where it was, under the include words, there is the word list
|
||||
file, and it says default, drop down, we can actually do the magnifying glass and find five words,
|
||||
open that, it pulls that in now, if I do generate password, we will have hyped nix
|
||||
beaters, beaters, depending on how you want, apostrophe five, mayor wool's hypo's number eight,
|
||||
croft admi, uh, wait, croft admi x lipid star one, all right, so if I came up, I would skip that,
|
||||
toadie digit grist, open brackets six, or open parentheses, see my previous episode for,
|
||||
well several episodes ago for mayor complain about brackets and parentheses, it's shift nine,
|
||||
however you want to call it, I call it brackets, that was the English thing, it seemed shut up,
|
||||
uh, trait ponds latex number two, so that's a decent enough, it's 17 characters, I'm using
|
||||
three five letter words, a special and the number that will make 17 characters, that's decent enough,
|
||||
what I actually do is there is a button, uh, slightly above where the generator password is
|
||||
says multiple passwords 100, I'm going to click generate, and that will give me in, sort of
|
||||
notepad looking file, 100 passwords generators, security of each password is 45 bits, maximum
|
||||
security of the entire list is 256 bits, here we go, group wrap, so wraps, visor, until the zero,
|
||||
float jimmy's, uh, jimmy stony, maybe I'll jimmy's tony, I'm not sure, no five letter has to be jimmy
|
||||
stony plus five, whiz, anti, anti's neons, greater than two, medic, haiku, or haiku, however you
|
||||
pronounce that one, uh, stubs pipe seven, brads, event, uh, wait brads, event, i-v-i-v-i-e-d,
|
||||
all right, again skip that one, that's complicated and that would be difficult to explain, um,
|
||||
so I go through this list and I basically throw it into a text file, next time someone needs a
|
||||
password reset, okay, right, your password is clack, spores, sandy slash seven, so a clack,
|
||||
spore, singular, sandy slash seven, that's generally easy enough that you can explain over the phone,
|
||||
on the assumption the other person can spell, yes it does quite frequently come up, they can't
|
||||
apparently, but generally it's pretty good, it's a nice secure password, it's easy enough that they
|
||||
can write it in, and generally it's pretty good, is it perfect, no, but it's pretty good, it's
|
||||
pretty easy to explain it over the phone, you don't have to go through the, it's mancy, m as in mancy,
|
||||
is that m or n, or did you say d, or t, or e, or g, or so it's a word, generally people have heard
|
||||
words, you pick common words, it's pretty good, is it perfect, like I said, no, absolutely not,
|
||||
but it ain't bad, and it is more secure than just saying, well I work for Microsoft,
|
||||
your password is now Microsoft one, but the capital m for Microsoft, like everyone else is
|
||||
password, or it's Friday, so it's Friday one, or summer 2017, because you have to change a
|
||||
password once a quarter, so therefore you just pick which month, or which season, or something,
|
||||
and then the year, everyone does that, and if anyone's trying to hike your password, that is
|
||||
always the ones they try, I'm pretty sure at work if I, and I do occasionally run to check against
|
||||
people's passwords, summer 2017 would be people's passwords, I'm pretty sure I could find something
|
||||
based on the company name, I'm pretty sure that let's say our default was password one, it's not
|
||||
but let's say it is, I'm pretty sure I could find password one, or password two, or password three,
|
||||
as a general password, so this is a fairly easy, and it kind of sort of teaches that the user's
|
||||
look, it's a decent enough password, it's better than what you were using most likely, so let's just
|
||||
do that, so trade pons latex number two, that's your password, there you go, it should be good enough,
|
||||
like I said, pwgen, very cool program, if you're doing that sort of thing,
|
||||
if you're using it for anything more than temporary passwords, or low security passwords,
|
||||
use last pass, or one pass, or dash lane, or whatever the others are, I use last pass,
|
||||
so that's my personal recommendation, but any of the passwords managers will work,
|
||||
but if you need something, low security, low importance, and I know someone's password is important,
|
||||
but because it's big, you check the make user reset their password, password general will work,
|
||||
very well for that, that's it, I've been zoke, that's it, you have a fantastic day, and I've talked to
|
||||
you, hopefully, a lot sooner than my last episode, which was two years ago now, it's been a while,
|
||||
anyway, in the words of the guy from Independence Day, I'm back!
|
||||
We are a community podcast network that releases shows every weekday, Monday through Friday,
|
||||
today's show, like all our shows, was contributed by an HPR listener like yourself,
|
||||
if you ever thought of recording a podcast, then click on our contributing to find out how easy it
|
||||
really is, Hacker Public Radio was founded by the digital dog pound and the infonomicum computer
|
||||
club, and it's part of the binary revolution at binrev.com, if you have comments on today's show,
|
||||
please email the host directly, leave a comment on the website or record a follow-up episode yourself,
|
||||
unless otherwise stated, today's show is released on the creative comments,
|
||||
attribution, share a like, 3.0 license.
|
||||
Reference in New Issue
Block a user