YA random password generator :-)

Steven M. Haflich smh at mit-eddie.UUCP
Sun Aug 26 00:28:57 AEST 1984


brian at digi-g.UUCP suggests:

	Why not just use the name of a scroll in rogue?
	'bieurdan pluviv elmon'

This would be a poor idea because the Rogue scroll names are selected
from a *small* repertory of syllables, and consequently there is a
fairly small domain of possible names -- perhaps numbering only in the
thousands.

Passwords work because it takes a significant amount of time for a
computer to encrypt the cleartext before the result can be compared
against the public (/etc/passwd) encryption.  The domain of possible
cleartext passwords must be sufficiently huge so that exhaustive search
is prohibitive.  Most non-high-tech approaches to password cracking
narrow the search space in hope that some passwords selected by users
will be found in the smaller domain -- e.g., common names, or an English
dictionary.

You must assume crackers will know the algorithm which selects
machine-assigned passwords, and hence its output range; you must ensure
that the range is huge, and its operation impossible to analyze.  For
example, selection algorithms which depend in some way upon clock time
fail because a cracker can learn via lastcomm approximately when the
password was selected, greatly narrowing the range to be searched.

Steve Haflich, MIT
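
The clock-time point in the post above, as an added example that is not part of the original message: it measures how far the output range of a generator shrinks when the clock is its only input. The generator, the alphabet, the start time and the one-hour window are all hypothetical and constructed for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols
LENGTH = 8
START = 462_000_000      # constructed epoch second, not taken from the post
WINDOW = 3600            # assumed: selection time known to within one hour


def clock_seeded_password(seed_time: int) -> str:
    """Hypothetical weak generator: the clock value is the only input."""
    rng = random.Random(seed_time)
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def csprng_password() -> str:
    """Same alphabet and length, but drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def nominal_bits() -> float:
    """Entropy the format appears to offer: LENGTH symbols from ALPHABET."""
    return LENGTH * math.log2(len(ALPHABET))


def effective_bits(window_seconds: int) -> float:
    """Upper bound once the seed is known to lie within a time window."""
    return math.log2(window_seconds)


def distinct_outputs(start: int, window_seconds: int) -> int:
    """Count the passwords the weak generator can emit inside the window."""
    seeds = range(start, start + window_seconds)
    return len({clock_seeded_password(t) for t in seeds})


if __name__ == "__main__":
    print(f"nominal range:   {nominal_bits():.1f} bits")
    print(f"within window:   {effective_bits(WINDOW):.1f} bits "
          f"({distinct_outputs(START, WINDOW)} possible passwords)")
    print(f"CSPRNG sample:   {csprng_password()}")
```

The eight-character format looks like about 41 bits, but the clock-seeded version can emit at most one password per second of the window, so an hour of uncertainty leaves under 12 bits.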


