[Gllug] Random password generation
David Irvine
co2cool at yahoo.com
Mon Sep 10 22:46:48 UTC 2001
Bruce Richardson wrote:
>I wrote a little script that generates random passwords and then put a
>page on our intranet site so that our users could take advantage of it
>(in the possibly vain hope of increasing user security a little). It
>offers several different ways to generate the passwords, not all of which
>are massively safe but you can't force users to use passwords they just
>won't remember and it's better than them all using "fred" or the name of
>the season.
>
>So I'm looking for useful random password programs/mechanisms I can add.
>Suggestions?
>
>One of the methods I tested was to pick 2 or more dictionary words and
>join them with a random non-alphanumeric character (I know, I know but
>for our more forgetful users it's better than nothing). This has the
>surprising result of creating a high proportion of suggestive, bizarre or
>downright obscene password combinations. This is especially true when
>generating passwords for users in the NT domain, which has a 14 character
>limit. Some examples:
>
>fluffy-probe
>jumbo-fine
>silk-bathes
>bras-eject
>unfit-bowers
>caking-sundry
>flirts-silky
>spurt-awaited
>wan-cocked
>manure-minis
>
>Management asked me to remove that option because some staff were
>spending all their time generating passwords. Ho hum.
>
What about integrating two words the same size together, so for example
big hat would become bhiagt and you could reverse it as well, and add
random charecters or go for the 1337 approach.
HTH
David
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list