[Gllug] Random password generation
Steve Cobrin
cobrin at highbury.net
Tue Sep 11 00:37:29 UTC 2001
Generally this is a BAD (tm) thing to do. Basically, people will just add
the the algorithm, or even 10,000 or so generated passwords from your
web-page and squirt them into their "Crack" or "John" password cracking
programs.
There are however several password generating programs out there, just
quickly checking on my SuSE system "pwgen", check through Google. Also
Practical Unix and Internet Security (page 262) mentions "mkpasswd"
-- Steve
On Mon, 10 Sep 2001, Bruce Richardson wrote:
> I wrote a little script that generates random passwords and then put a
> page on our intranet site so that our users could take advantage of it
> (in the possibly vain hope of increasing user security a little). It
> offers several different ways to generate the passwords, not all of which
> are massively safe but you can't force users to use passwords they just
> won't remember and it's better than them all using "fred" or the name of
> the season.
>
> So I'm looking for useful random password programs/mechanisms I can add.
> Suggestions?
>
> One of the methods I tested was to pick 2 or more dictionary words and
> join them with a random non-alphanumeric character (I know, I know but
> for our more forgetful users it's better than nothing). This has the
> surprising result of creating a high proportion of suggestive, bizarre or
> downright obscene password combinations. This is especially true when
> generating passwords for users in the NT domain, which has a 14 character
> limit. Some examples:
>
> fluffy-probe
> jumbo-fine
> silk-bathes
> bras-eject
> unfit-bowers
> caking-sundry
> flirts-silky
> spurt-awaited
> wan-cocked
> manure-minis
>
> Management asked me to remove that option because some staff were
> spending all their time generating passwords. Ho hum.
>
> --
>
> Bruce
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list