
RE: Ethics of Passwords

by Hot Pastrami (Monk)
on Aug 15, 2000 at 19:15 UTC

in reply to Ethics of Passwords

Here's what I'd do... one-way encrypt the users' passwords in storage, but send a one-time e-mail to their provided address which reads "Keep this message for future reference." However, one shouldn't underestimate the clever destructiveness of the generic-brand user.

If the occasion should arise that you NEED to e-mail the user a password, and you are concerned that the user may object to "sDFf34ggR," you might have one randomly auto-generated by combining 2 or more words from a LARGE list of pre-selected words, so you'd get things like "MONKEYCHAIR" and "FRISKYPERL". Heck, you could even tack a random 2-digit number on that if you want a little more security; most of the level-headed users won't complain about only TWO random digits (I know, when I say "most of the level-headed users" it is more correct to say "'both' of the level-headed users"). Such passwords are quite easy to remember.

Alan "Hot Pastrami" Bellows
-Sitting calmly with scissors-

Replies are listed 'Best First'.
RE: RE: Ethics of Passwords
by young perlhopper (Scribe) on Aug 19, 2000 at 08:34 UTC
    Unfortunately, this is not such a great idea. The average person has a vocabulary of between 2000 and 5000 words (I'm not totally sure about those numbers, but I'm on the same order of magnitude). So assuming you can use up to 5000 words and make things easy to remember (which is the whole point), that gives you a search space of 25,000,000. That would be crackable in minutes. Adding on two random digits increases the search space by a factor of 100. That gives you 2,500,000,000 passwords to check, which is checkable in an hour or two at the most.

    Bottom line is, dictionary words never make secure passwords. English text only has about 1.5 bits of entropy per letter. At work, we strongly discourage our users from using dictionary words from any language
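
An added example, not part of either post: Python that builds the word-plus-digits password described in the first post and reproduces the search-space figures from the reply, then generalizes to how many words a list of a given size needs to reach a target entropy. The sample word list, the function names and the 64-bit target are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list; a real deployment would load thousands of words.
SAMPLE_WORDS = ["monkey", "chair", "frisky", "perl",
                "pastrami", "scissors", "camel", "onion"]


def search_space(list_size, n_words, n_digits=0):
    """Distinct passwords: words drawn with replacement, then random digits."""
    return list_size ** n_words * 10 ** n_digits


def entropy_bits(list_size, n_words, n_digits=0):
    """Bits of entropy, valid only if every choice is uniform and independent."""
    return math.log2(search_space(list_size, n_words, n_digits))


def words_needed(list_size, target_bits, n_digits=0):
    """Smallest word count whose search space reaches 2**target_bits."""
    if list_size < 2:
        raise ValueError("need at least two distinct words")
    n = 1
    # Integer comparison avoids floating-point rounding near the boundary.
    while search_space(list_size, n, n_digits) < 2 ** target_bits:
        n += 1
    return n


def generate(words, n_words=2, n_digits=2):
    """Build e.g. MONKEYCHAIR42 using the OS CSPRNG, not the random module."""
    unique = sorted({w.upper() for w in words})  # duplicates would skew the odds
    if len(unique) < 2:
        raise ValueError("need at least two distinct words")
    chosen = "".join(secrets.choice(unique) for _ in range(n_words))
    digits = "".join(str(secrets.randbelow(10)) for _ in range(n_digits))
    return chosen + digits


if __name__ == "__main__":
    print(generate(SAMPLE_WORDS))
    # The reply's figures: 5000 words, two per password, then two digits.
    print(search_space(5000, 2), search_space(5000, 2, 2))
    print(round(entropy_bits(5000, 2, 2), 1), "bits")
    # 64 bits is an arbitrary illustrative target, not a figure from the thread.
    print(words_needed(5000, 64), "words for 64 bits")
```

The entropy figure holds only when the generator picks the words; a password a user chooses from the same vocabulary has a far less uniform distribution.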