in reply to Random String Generator

Truly gibberish passwords are the first things to get written on PostIt™ notes and stuck to the keyboard. It may be useful for the "initial one-time password" before a user is required to change it, but it's not a good idea to enforce incomprehensible passwords.

If I ever have to create a random password generator, I would hope to develop it to generate memorable yet strong passwords. The kind of passwords I recommend to newcomers.

Freedom is under attack --George W. Bush
freedom 1s under Attack --george w. Bush
Password: f1uAgw.B

--
[ e d @ h a l l e y . c c ]

Re: Re: Random String Generator
by nimdokk (Vicar) on Jun 04, 2003 at 16:25 UTC
    That's a good point. We actually change the passwords on the user once a month. This is not for your typical user access to a network or system.

    "Ex libris un peut de tout"

Re: Re: Random String Generator
by Juerd (Abbot) on Jun 04, 2003 at 16:29 UTC

    freedom 1s under Attack --george w. Bush
    Password: f1uAgw.B

    I bet many Monks will now change their password to Japh,\n

    If I ever have to create a random password generator, I would hope to develop it to generate memorable yet strong passwords.

    You mean like the ones that Crypt::PassGen and pwgen create?

    Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

      No, I said strong passwords. From Crypt::PassGen: "This module should not be used for high security applications (such as user accounts) since it returns passwords that are not mixed case, have no punctuation and no letters [sic]. This word can be used as a basis for a more secure password." Anything can be used as a basis for more security.

      The lack of ANY discussion on pwgen's sourceforge project site or home page leads me to dismiss it. I'm not going to go slogging through their source code to determine their methods and analyze whether it's strong or weak-- at least, not until I hear their own analysis and agree with their executive summary of proper security methodology.

      --
      [ e d @ h a l l e y . c c ]

        pwgen is somewhat better than Crypt::PassGen.

        2;0 juerd@ouranos:~$ pwgen
        Sah1tohl dieC3bei Che2megu Sheicoc6 Booth2ha Fair6mei vaiSaij2 Bohlu6co
        We5quaep cae5Gioh geeBaic3 vah8Mait Caco5zah moh4veYu Laan0cai Xi2theim
        saevai7L Shahp3zu Beiv2tot moi5gieZ Du3sheig ciiv5Yah theRie7b wePo2bah
        si0yahKi nukahk8C hahvooG2 Baa1soor tu5teNie Hei6gedi Quaith0k miSh7phe
        Doo4vaiv kah4moKa booPo3gi siNg2wie poot6Nei Voh2teif Te2kiepe Quoo6thu
        fiem1Thu wooTh5wu Daes6cah Lu7xoloo Vai0thae kooyah5J Bee2rahr chaiGh0c
        Long4jee Bae8feih Chohph8b boQuaig5 Haexaw1k phu0Lire vubie1Ku Toh3bool
        cohWie4d vungaf7Y Boovah5n Lail0chi phu4Jeeh Bah6shoh yeiW0tho Ba8totoh
        Teevee1f Guafay5w Phai4vai no4zaeNu tai0Rasa Naij8nah deiVeis1 Phoh8phe
        geiLiew1 Hi3cheng Baech5ru siYo8rei baila4Bo shuY3voo Haacoh5h ya6Hophu
        Li4chowe doeGhes0 Dekei0ka Buich1sa Joh4pugh We1wiesh so5vohFi Botif1xo
        liiR8phu Bifeequ0 vieKuf6t phah3Nai tei5sieG thee7Cek Mei7kait Guo3zohj
        loaCoo7w cei3tieP phaeLu4w liMe4car ruGiw4ye beFe2mai Xioxo6li Theizot0
        Rai1jexi ceezae5X ma7Jihae yaD7chab Phaith2m Cahyith8 Taengie1 Quai3dei
        fo8kooXu Xia8deed Fae5thoh Xonae7fu reeJ2mai rau5neiV toaNou6h Paelee8m
        Woth4ree sai0Zisi fie4Miez vi1Laeni Thie5xee Taxee0ye faiL3vee tau3Quee
        zah1raCh Pohd0phi Tookax5s kai0baiS wahP5qui Haima2vo Shae4boh leePee8g
        doco4Phu Pahvi0qu nae2Thah Va0yiese johT5rie yiHuqua7 Jeegaht7 wie6Dijo
        raexo8Sh Keeghal4 kooS4gie phaSoo5d Lie7jaib mieC6bae rooGae3j yahhae1H
        cohNg1mo do8baPei Lung0vup Cu1pahha waoNgu6v Duidaik3 Jeirahw8 We4teeth

        It doesn't use punctuation, but in my opinion that is a Good Thing (TM).

        Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }