[ List Archives Home ] [ Thread index for 2008 ]
[ Date index for 2008 ]
[ Author index for 2008 ]
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
It should be easy to make your own. The code is but a mere snippet. A good
choice of program for a beginners' assignment after the inevitable first
program called "hello world".
Would there be a liability issue if it were hacked?
Ultimately, the password is only as good as the random number generator it
uses & many of those are pretty quirky and repeat in peculiar ways. The more
passwords get generated with a particular program, the more obvious the
flaws of that program will become to those who wish to compromise it.
Including a program with an operating system would be the worst possibility
from the point of view of security because everybody would have in some
sense the same password. Eventually someone would find a way to
systematically compromise that brand of software generated password & users
of that brand of password would be free to be abused.
Also, requirements of passwords on different applications vary, making
different sets of rules that each will follow to help reduce the insecurity
inherent in the password (e.g. case sensitive? include numerics? any other
characters? if so, which ones? max length? min length? ideal length to avoid
an app's inherent encryption flaws? ... ad nauseum)
Sort of defeats the ease of use of the generator unless you need a lot of
passwords.
Also, generated passwords tend to be more difficult to use because they are
not mnemonically inspired--that is they look random. This means that when
you forget it, the little question supposed to help you remember would be of
no use.
That said, I probably have one lying around that you can have for free on
the understanding that the resulting "password" is not intended to make
anything secure and that it exists solely for the purpose of abdicating your
personal responsibility of choosing a password so you can jump through hoops
to satisfy a computer program.
If the option still sounds appealing, contact me off list.
Zoltan Tomory
zoltan dot tomory at mobot dot org
-----Original Message-----
From: Craig A. Summerhill [
mailto:summerhi at unr dot edu]
Sent: Wednesday, August 03, 2005 3:13 PM
To: IUG INNOPAC List
Subject: Re: password generator
On 2005-08-03, Candace Lebel wrote:
>
>I just ran across a really nice password generator extension to
>Firefox called SecurePassword Generator.
Yeah, that's a useful little XPI.
A long time ago, in a distant galaxy, most of the major players
in the BSD *nix operating system world (DEC, IBM, AT&T, Sun)
included a utility within their operating systems called "mkpasswd".
You could specify the length of the password with the "-l" flag,
and because it was command line oriented... it was really useful
when you needed to generate a lot of passwords at one time (like
the beginning of the semester for a new class of students). E.g.
#!/bin/csh
set accts = `cat new_account_names.txt`
foreach n ($accts)
echo ${n} >> output.txt
mkpasswd -l 10 >> output.txt
next
Sun still includes the "mkpasswd" utility w/ Solaris. I'm not sure
about HPUX, Compaq Tru64, and MacOSX to be honest, but it seems to
have gradually disappeared as more and more System V Release 4 stuff
crept into those operating systems, and security became a greater
concern. The utility is noticeably absent in Red Hat Linux. I'm
sure some enterprising young hacker has found the source code and
makes an RPM available, but Red Hat doesn't support it...
--
Craig A. Summerhill
Applications Development Librarian
University of Nevada, Reno
Getchell Library 174A / Mail Stop 322
1664 North Virginia Street
Reno, NV 89557-0042
(775) 784-6500 x227
<summerhi at unr dot edu>
--
This message was distributed through the Innovative Users Group INNOPAC list
Public replies: INNOPAC at innopacusers dot org
Update your subscription options:
http://innopacusers.org/mailman/listinfo/innopac
--- StripMime Report -- processed MIME parts ---
multipart/alternative
text/plain (text body -- kept)
text/html
---
Home
Mailing list