Passgen tool from my book

Way back in 2005, Jesper Johansson and I wrote Protect Your Windows Network. It’s still available, and although its product set is now somewhat dated (Windows XP and Server 2003), much of the practical advice about security policies, social engineering, security dependencies, and how to think about security remains relevant. That’s because we strove to write something more lasting than a simple configuration guide.

On the CD-ROM accompanying the book we included a tool called Passgen. In the book, we recommended that you maintain separate passwords on every local administrator and service account in your enterprise. This is, of course, almost impossible to manage without something to automate it for you. That’s what Passgen does. The tool generates unique passwords based on known input (an identifier and passphrase you define), sets those passwords remotely, and allows you to retrieve them later.
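The idea described above, a per-account password derived from an identifier and a passphrase so that it can be regenerated later instead of stored, can be sketched as follows. This is an added example, not Passgen's code, and the page does not document Passgen's algorithm: the PBKDF2/HMAC construction, the character sets, the function names and the host names are all assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed character classes; every derived password contains at least one of each.
CLASSES = [
    "abcdefghijkmnopqrstuvwxyz",
    "ABCDEFGHJKLMNPQRSTUVWXYZ",
    "23456789",
    "!#$%&*+-=?@^_",
]
ALPHABET = "".join(CLASSES)

def _stream(key: bytes):
    """Yield an endless run of pseudo-random bytes: HMAC-SHA256 in counter mode."""
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1

def _pick(stream, n: int) -> int:
    """Uniform integer in [0, n) by rejection sampling, so there is no modulo bias."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n

def derive_password(passphrase: str, identifier: str, length: int = 16) -> str:
    """Same passphrase + same identifier always gives the same password."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # Normalise the identifier so retrieval does not depend on how the name was typed.
    salt = identifier.strip().lower().encode("utf-8")
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, 200_000)
    stream = _stream(key)
    # One character from each class first, then fill from the full alphabet.
    chars = [cls[_pick(stream, len(cls))] for cls in CLASSES]
    chars += [ALPHABET[_pick(stream, len(ALPHABET))] for _ in range(length - len(chars))]
    # Fisher-Yates shuffle from the same stream so the class positions are not fixed.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)

if __name__ == "__main__":
    # Constructed identifiers and passphrase, for demonstration only.
    for host in ("SRV-042\\Administrator", "SRV-043\\Administrator"):
        print(host, derive_password("constructed passphrase", host))
```

With a scheme like this, the passphrase is the single secret behind every derived password, so it needs the same protection as the most sensitive account it covers.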

For a while Jesper maintained a web site for the book, running on a server in his house. His ISP changed policies and made it impractical to continue running the site. But because the tool is still so useful, I’ve put a copy in my SkyDrive—look in the “Passgen” folder.

Also, note that I’ve put a new section in the right-side column, “Resources for you.” Here’s where I’ll keep links to bits and pieces that many of you will find relevant and interesting.

Update. A few readers have informed me that the SHA-1 hash printed in the README.DOC doesn’t match the actual hash of passgen.exe. Jesper made a few changes and recompiled the tool. The correct hash is now:

fa19722348e9e0603f24c0ef9fc715010403bcfa

I’ve updated the README file with the new hash. Also, passgen.exe has a digital signature, and you can check its details if you’d like.

Published 29 September 08 01:42 by Steve Riley


Comments

# Brendon said on September 29, 2008 11:26 PM:

Thanks for putting your power point slides up on skydrive :)

# jack wilson said on September 30, 2008 5:42 PM:

The SHA-1 hash doesn't match the one in the Readme doc. The hash that I get is fa19722348e9e0603f24c0ef9fc715010403bcfa    

Thanks,

-jack

# Patrick said on October 2, 2008 9:30 AM:

Jack, that's the same hash I'm getting. Steve, is this the right file?

# Steve Riley said on October 2, 2008 12:56 PM:

I get the same hash. It's the latest version of the tool from Jesper. I'll follow up with him to see what changes he made after we wrote the appendix for 1.1.

# Steve Riley said on October 2, 2008 4:28 PM:

Yes, Jesper made some changes, that's why the hash you see is different than the one in the readme. The .exe also has a digital signature, too. I'll update the blog posting to reflect the changes.

# Neil Carpenter's Blog said on October 22, 2008 2:52 PM:

Occasionally, I see a security incident where one of the things that went wrong was that all of the customer's

# Not only Security said on November 27, 2008 9:13 AM:

My favorite passgen is a random kick on keyboard :). Please add Visual Interface to the program if you have some spare time.

# Steve Riley said on December 1, 2008 1:14 AM:

Yeah, but what if you ever need to retrieve the password for some reason? ... I doubt Jesper will make further modifications to the tool, he's very much a command-line junkie :)
