xkcdpass is a password generator inspired by the famous xkcd 936 a webcomic, which shows a method on how to create passwords easy to remember for a human, but hard to crack using nowadays computers. In fact xkcdpass is the lazy version of the EFF dice generated passphrases method, it is using the EFF word files to generate a passphrase, but with a random generator algorithm. For real random passphrases use the EFF dice method.
xkcdpass generates following passphares without additional options. The passphrase has 6 short words like in example below:
Consulting -h the help file is a clever thing to do:
xkcdpass --help
usage: xkcdpass [-h] [-w WORDFILE] [--min MIN_LENGTH] [--max MAX_LENGTH]
[-n NUM_WORDS | -a ACROSTIC] [-i] [-v VALID_CHARS] [-V]
[-c COUNT] [-d DELIM] [-s SEP] [-C CASE] [--allow-weak-rng]
optional arguments:
-h, --help show this help message and exit
-w WORDFILE, --wordfile WORDFILE
Specify that the file WORDFILE contains the list of
valid words from which to generate passphrases.
Provided wordfiles: eff-long (default), eff-short,
eff-special, legacy, spa-mich (Spanish), fin-kotus
(Finnish) ita-wiki (Italian), ger-anlx (German), nor-
nb (Norwegian)
--min MIN_LENGTH Generate passphrases containing at least MIN_LENGTH
words.
--max MAX_LENGTH Generate passphrases containing at most MAX_LENGTH
words.
-n NUM_WORDS, --numwords NUM_WORDS
Generate passphrases containing exactly NUM_WORDS
words.
-a ACROSTIC, --acrostic ACROSTIC
Generate passphrases with an acrostic matching
ACROSTIC.
-i, --interactive Generate and output a passphrase, query the user to
accept it, and loop until one is accepted.
-v VALID_CHARS, --valid-chars VALID_CHARS
Limit passphrases to only include words matching the
regex pattern VALID_CHARS (e.g. '[a-z]').
-V, --verbose Report various metrics for given options.
-c COUNT, --count COUNT
Generate COUNT passphrases.
-d DELIM, --delimiter DELIM
Separate words within a passphrase with DELIM.
-s SEP, --separator SEP
Separate generated passphrases with SEP.
-C CASE, --case CASE Choose the method for setting the case of each word in
the passphrase. Choices: ['alternating', 'upper',
'lower', 'random', 'first', 'capitalize'] (default:
'lower').
--allow-weak-rng Allow fallback to weak RNG if the system does not
support cryptographically secure RNG. Only use this if
you know what you are doing.
Easy to remember passwords. 5 generated random examples to show the possibilities of passphrase creations:
verkauft schulter plant luftwaffe weltweit übrigens tokio gestärkt neben anderswo gekostet fliegen stichtag stadion ändert liebhaber geschickt dezember keine gehabt
This is using the xkcdpass default settings, it takes 6 words with the default settings.
stichwort physiker christen problem ausschluß schüler guten presse belohnt mensch besetzung vermögen erster erinnern treiben ironie studierte liberalen
Useful tool for generating passphrases. Really long passwords that are easy to remember for a human.
Avoid third party tools when possible, to keep things simple and easy without additional dependencies. Sometimes it is unavoidable, and with the ansible version 2.10 ansible has been split up in separate packages. There is now ansible and ansible-core. Native and 3-rd party plugins now can be installed using the ansible-galaxy command, this is quite new. The ansible-galaxy tool manages the plugins ansible uses, and there are hundreds of them. Ansible has split working code and the data. The data has been split up in official and community. More information about it found at the official ansible website ROADMAP, the CHANGELOG file on github and the official ansible porting guide to ansible-base.
The goal of this article is to use ArubaOS with ansible v2.10. The running configuration is to be saved to a TFTP server. This is a write up from scratch, so the only things that are working now at the moment are a couple of switches a running gentoo app-admin/ansible version 2.10.1 installation using python3.7 and a working TFTP server. The ansible directory is empty.
In this example the 3800 series switches and 5400zl switches are used. The naming convention is prefix S, switch, 3k and 5k is the product series number:
- Aruba 5400 (S5k)
- Aruba 3800 (S3k)
Each switch series needs to have its specific firmware binary. To preserve the overview over the switches and series, variables can be set the group_vars directory. Each switch series has its own .yml file, below in the example S3k and S5k, and there is a global configuration called all.yml. This is how the ansible directory is looking by now. There is also a vault.yml file which contains authentication credentials (user and password). Howto configure vault authentication is described in the 4-th example of the Ansible credentials management article. 2 playbooks, 3 group vars, and the hosts file: