in reply to A reasonable temporary password generator?

Passwords have a lot of different contexts. You don't mention how this is going to be used.

If it's for crypt(3) (like a basicauth password), characters past the 8th don't make any difference, for example. If it's for a human, it'd be nice to be somewhat pronounceable. If it's merely to confirm that an email address is the right one via a round-trip, it can be 64 hex characters instead.

So, tell us more about how this is to be used, and you'll get better answers.

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re: •Re: A reasonable temporary password generator?
by Your Mother (Archbishop) on May 10, 2003 at 11:37 UTC
    Good question; sorry I didn't give more. This would just be a placeholder for a new website user account registration, or for a lost password reset, probably md5'd into a DB, no SSL or htpasswd in this case.
      In that case, since a human would have to enter it, I'd stick with 6-to-10 alphanumerics only, but run it past cracklib to make sure it's not trivially brute-forceable, and also have some mechanism to ensure that it gets changed on first use.

      -- Randal L. Schwartz, Perl hacker
      Be sure to read my standard disclaimer if this is a reply.
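
The approach suggested in the reply above (short alphanumerics, a cracklib check, forced change on first use), sketched as an added example that is not code from any poster in this thread. It assumes a Unix-like host with /dev/urandom and the CPAN module Crypt::Cracklib with its dictionary installed; the names `random_alnum` and `new_temp_password`, the look-alike filter and the one-day expiry are illustrative choices.

```perl
use strict;
use warnings;

# Alphanumerics minus look-alikes (0/O, 1/l/I), since a human has to type it: 57 symbols.
my @ALPHABET = grep { !/[0O1lI]/ } ('a' .. 'z', 'A' .. 'Z', '0' .. '9');
my $N        = scalar @ALPHABET;

# Draw $len symbols from the kernel CSPRNG instead of rand().
# Rejection sampling discards bytes that would make some symbols more likely.
sub random_alnum {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    my $limit = 256 - (256 % $N);    # largest multiple of $N that fits in one byte
    my $out   = '';
    while (length($out) < $len) {
        (read($fh, my $byte, 1) // 0) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        next if $n >= $limit;        # biased tail, throw it away
        $out .= $ALPHABET[$n % $N];
    }
    close $fh;
    return $out;
}

# Assumption: Crypt::Cracklib::check() returns true for an acceptable password.
my $have_cracklib = eval { require Crypt::Cracklib; 1 };
warn "Crypt::Cracklib not available, skipping dictionary check\n" unless $have_cracklib;

sub new_temp_password {
    my ($len) = @_;
    for (1 .. 20) {
        my $pw = random_alnum($len);
        next if $have_cracklib && !Crypt::Cracklib::check($pw);
        return {
            password    => $pw,                # send to the user; store only a hash of it
            must_change => 1,                  # force a new password on first login
            expires_at  => time + 24 * 3600,   # constructed policy: valid for one day
        };
    }
    die "no acceptable password after 20 attempts";
}

my $temp = new_temp_password(10);
print "temporary password: $temp->{password}\n";
```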

        Yeah, good point, I wasn't thinking of user-friendly and I should be. More friction means fewer users.