Re: Generating passwords

From: David Webb (david20@alpha2.mdx.ac.uk)
Date: 12/09/02


From: david20@alpha2.mdx.ac.uk (David Webb)
Date: Mon, 9 Dec 2002 17:47:52 +0000 (UTC)

In article <thvv-E359DB.10021909122002@news.comcast.giganews.com>, Tom Van Vleck <thvv@multicians.org> writes:
>FIPS standard 181 describes an approach
>for generating "pronounceable" passwords for
>a language. Code that does this in Java and
>C++/C is available; start with
> http://www.multicians.org/thvv/gpw.html
>
>Understand that
>- passwords are obsolete: they are sniffable and crackable

Sniffable only if sent over an unencrypted (or poorly encrypted) link.
Crackable only if you can get at them either because they were being passed
over an insecure link or they are being stored on the system in an insecure
area, e.g. in /etc/passwd on a Unix system rather than in the shadow password
file (or of course being stored on a hacked system).

Passwords are still the most widely used authentication method.

They are supported by pretty much every OS. Unlike other authentication methods
they are inexpensive to implement.
They are not prone to false positives and false negatives like biometric
systems.

David Webb
VMS and Unix team leader
CCSS
Middlesex University

>- generated passwords can't be more random than
> your input source of randomness
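
The storage point in the reply above (hashes readable in /etc/passwd rather than kept in the shadow password file) can be checked mechanically. The following is an added example, not part of the original post; it assumes Linux-style passwd(5) conventions ("x" means shadowed, a field made only of "*" or "!" means locked), and the sample entries are constructed.

```python
# Added example: audit passwd(5)-format text for password hashes stored in the
# world-readable passwd file instead of the shadow file.
# SAMPLE_PASSWD is constructed for illustration; it is not from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:$6$c0nstructedsalt$notARealHashValue:1000:1000:Alice:/home/alice:/bin/sh
bob:ab3kQz9LmN0pY:1001:1001:Bob:/home/bob:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
# a comment line
broken-line-without-fields
"""

def classify_password_field(field):
    """Classify the second field of a passwd entry (assumed Linux conventions)."""
    if field == "x":
        return "shadowed"            # real hash lives in the shadow file
    if field == "":
        return "empty"               # no password required to log in
    if set(field) <= {"*", "!"}:
        return "locked"              # no valid hash can match
    return "hash-in-passwd"          # anything else is readable hash material

def audit_passwd(text):
    """Return (line_number, user, status) for every entry that needs attention."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:         # passwd entries have exactly seven fields
            findings.append((lineno, None, "malformed"))
            continue
        status = classify_password_field(fields[1])
        if status in ("hash-in-passwd", "empty"):
            findings.append((lineno, fields[0], status))
    return findings

if __name__ == "__main__":
    for lineno, user, status in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {user or '<unparsed>'}: {status}")
```

To audit a real host, pass the contents of its passwd file to audit_passwd() in place of the sample.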


