Episode: 2393
Title: HPR2393: PWGen - A password generator
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2393/hpr2393.mp3
Transcribed: 2025-10-19 02:12:14

---

This is HPR episode 2,393 entitled "PWGen - A password generator". It is hosted by Zoke, is about 23 minutes long, and carries a clean flag. The summary is: Zoke talks about how he uses PWGen to set people's passwords at work.

This episode of HPR is brought to you by AnHonestHost.com. Get 15% discount on all shared hosting with the offer code HPR15, that's HPR15. Better web hosting that's honest and fair at AnHonestHost.com.

Hi, this is Zoke. Today I want to talk about PWGen. I know that Klaatu did one recently about PCGen, the player character generator. Well, this is actually the password generator, although we could always pretend it's the player wife generator or player wolf generator, something. Anyway, PWGen, you can probably just Google for it. On SourceForge, pwgen-win.sourceforge.net, you can find that, and if I can remember my phonetic alphabet, that's papa whiskey golf echo november, dash or hyphen, whiskey india november, dot, sierra oscar uniform romeo charlie echo foxtrot oscar romeo G, golf, echo, dot, november echo tango. Almost all the way through, but yes, pwgen-win.sourceforge.net. If you, and I'm just going to try that, Google PWGen, it is actually the first link there.

So what does it do? It generates passwords. Now I'm sure you're saying, so, but LastPass? Yeah, use LastPass. I do. LastPass is awesome. They even went free recently, which is even better. I mean, I still actually pay them because I think it's worth making sure they, they, they realize how useful it is. But basically LastPass will do really long passwords, it will remember, it will also fill few blah blah blah stuff. There's a ton of cool things. I'm not sure if anyone's actually done an episode on LastPass or passwords in general. This is where I searched and I found that it was me that did one. I cannot obviously see, I want to, who could do one, so there we go. Yeah, someone has talked about it, so I'm not going to go too much about it. I used LastPass. I actually got worked by LastPass for, for use for, for our IT team, so that's very useful. But quite often I will have to reset someone's password. I will need to tell them that password. Well, your password, it's capital G, it's a lowercase U, it's the seven, it's star. Star. Yes. Yes. No, not STAR, there's the shift 8. Shift. Shift. You, you don't know what the key shift is? And then I feel like I'm a character from The IT Crowd. Hello, you from the past.
I apologize to everyone for that impersonation there, by the way. So PWGen is a wonderful little program. You can run it portable, because a lot of people at work will not have the ability to have local admin accounts. In fact, you shouldn't be able to install stuff. I work in IT, so I do know the local admin account and I have a domain admin account, but my regular user account is not domain admin account install stuff. That's where it should be your separate powers, so you know, separation of two into state, however you want to explain it. But basically you should not have local admin, you should not have the domain admin as your regular user account. It's a massive security risk. It's very useful though sometimes. But you can run the portable version of PWGen, and that means you don't have to install it.

So you run password gen. There are a bunch of options. I'll quickly go through. Some of these icons at the top are load, create, delete profiles. I've never done anything with those. Generate passwords based on a master password, I don't do that. Clipboard text encryption, left click, or decryption, right click, I don't do that. Clear clipboard text content only, I don't do that. Change main configuration of the program, I don't do that. Over news manual, I don't do that. Now if you need any of those stuff, very cool. There's a bunch of things that are great. I basically just use it for password generation,
so the three options you have are: number one, we have include characters, or passwords; number two, include words, which is passphrases, so if you've read that XKCD, the correct horse battery staple, that's that one; and the last one is format password. Now if you're doing this for work, include characters, I used LastPass for that, I don't care. But what you can do is have it make 12 upcase, lowercase, numbers. So if I actually select that, the default length is 12, character set is upcase, lowercase, number. I hit generate. We have lowercase a, lowercase o, the number six, capital T, capital G, lowercase q, lowercase a, lowercase v, number five, number two, lowercase c, lowercase v. Imagine on the phone: what's my password? Oh, it's a lowercase a, lowercase o, number six, uppercase T, uppercase G, lowercase... So are you writing this down? Are you trying to type this in? Lowercase a, lowercase o, the number six. Six. Lowercase T, sorry, upcase T. T. No, not the, T as in Thomas, M as in Mancy. No. So that's horrible to explain. I don't use that. Number two,
include words, passphrases. Defaults five. It pulls some random default word list. If I generate that, we have sink, dorsen, muck, new, flow. That's better. One issue with that is that it is just lowercase and spaces. It does not have anything else. The default slightly complicated passwords in Windows is three of the four of uppercase, lower, number and special. This only has two, it has spaces, which counts as special, and lowercase. It will fail. It does 25 characters as long as can along, but you can change the number that's a three. But I do not use the words. I actually use format passwords.

Now if you click on the format passwords, on the right there is a blue question mark. If you click on that question mark, it gives you the quick help. Format specifiers have the form, quotes, percent, open square brackets, star, close square brackets, open square brackets, n, close square brackets, x, quotes, or really, really dry, isn't it? Basically there's a list of placeholders, two columns in the middle-ish, and it tells you what they are. Percent x is custom character set, that's set up in options, I don't worry about that. Percent a, lowercase a, is lowercase character and a number. Percent capital A is uppercase, lowercase, numbers, things like that. The main ones you will want: percent d is digits, so the numbers,
percent u is uppercase, percent l, lowercase l, is lowercase, and percent s is special, lowercase s. Those are the big ones. There's also percent capital W, which is words. So format password: percent capital W, percent lowercase s, and percent lowercase d, d, that is for digit. If we generate that, it says rain number six, that's r-e-i-n. What it's doing is creating one word, one special, one digit. Now, let's actually change that to percent three uppercase W and hit generate. The uppercase W means words without spaces between them. That is two, is seven c-bam, I guess. That's not really words. We'll come back to the word list in a moment. But if I hit generate again, we're doing weird ones today. Here we go, that's a bit better: start link his land plus seven. That's reasonably good, assuming you can spell and you know how to spell link. By the way, the obvious answer is, how do you spell link, is that the animal or the connection? This one is the animals, it's lync. So you get a few interesting words like that. But start link, the animal, his land plus seven, you should be able to write that out exactly as I have it in front of me. So if I've reset your password, you should be able to log in exactly as that. It makes an 18 character password. It's nice and long.

I can go in through a whole episode of how stupid Microsoft get with their passwords and why anything under a 14 character password, 14 characters or less, by the way, it's stupid in Windows. Basically, old way of doing it, they split the 14 into two seven character passwords. You can break them in like three seconds on any machine made in the last five years. Useless. If you have 15 characters or more, it forces the new way, which will take here like years to break. So, so 15. It's easy to read over the phone. It, assuming people can spell, should be easy for them to type in. And it is all lowercase. You don't have to be upcase S, lowercase t, upcase A. It's just start link his island plus seven. It matches the upcase, lowercase, number, special, three of this four. In this case, no upcase, but lower, special and number. So it will match the word, the Windows password requirements, complexity requirements. So it should be perfect in all ways.

Now let's do another generate. Win, slav, 85, open brackets, three. 85 is not a number, sorry, 85 is a number, it's not a word. For some reason they have a very strange word list. Yes, it's words, but it's also this at symbol and other things like that. I do not like that. Now,
I did find a better word list, and I can't remember how I did it. I think I searched for a Scrabble word list, and used 4, 5, 6, 7 character passwords, sorry, 4, 5, 6, 7 character words, and that was enough to give a nice selection, so we didn't have four single character passwords, and oh, I'm sorry, your password must be eight characters or longer, whatever. This way it's long enough, it's easy enough. Scrabble word lists, four letters. wordfind.com has four letter words. Here we go, here's a bunch, 403, so 4,030 words found, and Chrome saying would you like to translate this page, interesting. But you could take something like that, you can combine it with four and five and six and seven letter words, and again, wordfind seems to have that, for example. So you could pull that down. I actually found a downloadable version. You can use something like that, and it will give you a decent password, decent enough, you can tell someone on the phone and explain it to them nice and clearly.

That's basically it. That is what I do. Now, what I do at work is, and if you run the program, if you're playing along at home, at the very bottom there is a random pool, it's entropy bits, and says number over another number. This case mine says 591 of 256. As you move the mouse around, as you click, as you type letters, it pulls that entropy in. It takes what numbers, what letters, the time between... I'm making this up, I haven't actually read the source code, but it's doing something like this. It's taking the letters, the mouse movements, the time between it, the current time, the, how big your hard drive is, how full it is, a bunch of random stuff like that, and using that to seed this entropy pool. So the more you move the mouse around, you do it. So what I actually did, so I ran it, I worked all day, and at the end of the day I generated the passwords. It will, it doesn't require the entropy, it just makes better passwords if you do this. So my entropy bits are now 731, and if I hit generate it will take 256 or so off, and now I am down to 219, 256. Oh, now it's back up because I'm moving the mouse, but I'm waving like you can see my screen. Unless you work for the NSA, you probably can't. So you move the mouse around and there's a bar at the bottom. The more times you hit generate, the more it goes down the bar, and then it shows how much entropy is remaining from this round of pool. The idea is that it's better passwords. Now I don't care really. If you're paranoid you can say yes. But I'm going to reset someone's password, I'm going to phone them up, I'm going to say this is your password. Your password is evolve, whack, myopia, pound sign 2. 19 characters. There we go.
Takes sometimes a moment to figure out where the words split up, but you can copy and paste that straight into Active Directory Users and Computers, right click, reset password, paste, that's the password. Bring the user up: your password is now evolve, whack, myopia, number 2. Okay, myopia is maybe a little difficult, so hit generate. P2 just rapid star 6, yeah, that's not very good. Ivan bulge, I don't... i-e-e-e, i-e-e, lux attic froze, bask even zan. So again, some of them are a bit weird. You may want to take common words. So, list of common five letter words, comes up five letter words, Free Dictionary, the free dictionary dot com slash five letter words with hyphens in between dot htm. There's a bunch, so you can grab that, and I don't know if it will let you download. List. All right, download list of common five letter words. This list, Stanford CS, is a nice decent set of words. There we go, excellent. So we can take that. I'm going to right click and save link as url.com. Now let's take that file, save sgb words dot text. I'm going to just throw that into wherever I put the password generator, which I can't remember. There. Now back in the password gen program, we have, if I can find where it was, under the include words, there is the word list file, and it says default. Drop down, we can actually do the magnifying glass and find five words, open that. It pulls that in. Now, if I do generate password, we will have hyped nix beaters, beaters, depending on how you want, apostrophe five. Mayor wool's hypo's number eight. Croft admi, uh, wait, croft admi x lipid star one. All right, so if I came up, I would skip that. Toadie digit grist, open brackets six, or open parentheses. See my previous episode for, well, several episodes ago, for mayor complain about brackets and parentheses. It's shift nine, however you want to call it. I call it brackets, that was the English thing, it seemed shut up. Uh, trait ponds latex number two. So that's a decent enough. It's 17 characters. I'm using three five letter words, a special and the number, that will make 17 characters. That's decent enough.

What I actually do is there is a button, uh, slightly above where the generator password is, says multiple passwords, 100. I'm going to click generate, and that will give me, in sort of Notepad looking file, 100 passwords generators. Security of each password is 45 bits, maximum security of the entire list is 256 bits. Here we go: group wrap, so wraps, visor, until the zero. Float jimmy's, uh, jimmy stony, maybe I'll jimmy's tony, I'm not sure. No, five letter, has to be jimmy stony plus five. Whiz, anti, anti's neons, greater than two. Medic, haiku, or haiku, however you pronounce that one, uh, stubs pipe seven. Brads, event, uh, wait, brads, event, i-v-i-v-i-e-d. All right, again, skip that one, that's complicated and that would be difficult to explain. Um,
so I go through this list and I basically throw it into a text file. Next time someone needs a password reset, okay, right, your password is clack, spores, sandy, slash seven. So a clack, spore, singular, sandy, slash seven. That's generally easy enough that you can explain over the phone, on the assumption the other person can spell. Yes, it does quite frequently come up, they can't, apparently. But generally it's pretty good. It's a nice secure password, it's easy enough that they can write it in, and generally it's pretty good. Is it perfect? No. But it's pretty good. It's pretty easy to explain it over the phone. You don't have to go through the, it's Mancy, M as in Mancy, is that M or N, or did you say D, or T, or E, or G? Or so it's a word. Generally people have heard words. You pick common words, it's pretty good. Is it perfect? Like I said, no, absolutely not. But it ain't bad, and it is more secure than just saying, well, I work for Microsoft, your password is now Microsoft one, but the capital M for Microsoft, like everyone else's password. Or it's Friday, so it's Friday one. Or summer 2017, because you have to change a password once a quarter, so therefore you just pick which month, or which season, or something, and then the year. Everyone does that, and if anyone's trying to hack your password, that is always the ones they try. I'm pretty sure at work if I, and I do occasionally run to check against people's passwords, summer 2017 would be people's passwords. I'm pretty sure I could find something based on the company name. I'm pretty sure that, let's say our default was password one, it's not, but let's say it is, I'm pretty sure I could find password one, or password two, or password three, as a general password. So this is a fairly easy, and it kind of sort of teaches that the user's look, it's a decent enough password, it's better than what you were using most likely, so let's just do that. So trade pons latex number two, that's your password, there you go, it should be good enough. Like I said, PWGen, very cool program, if you're doing that sort of thing.

If you're using it for anything more than temporary passwords, or low security passwords, use LastPass, or one pass, or Dashlane, or whatever the others are. I use LastPass, so that's my personal recommendation, but any of the password managers will work. But if you need something low security, low importance, and I know someone's password is important, but because it's big, you check the make user reset their password, password general will work very well for that.

That's it. I've been Zoke. That's it, you have a fantastic day, and I've talked to you, hopefully, a lot sooner than my last episode, which was two years ago now. It's been a while. Anyway, in the words of the guy from Independence Day, I'm back!

We are a community podcast network that releases shows every weekday, Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contributing to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club, and it's part of the Binary Revolution at binrev.com. If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is released on the Creative Commons Attribution-ShareAlike 3.0 license.