generating random passwords
tedm at toybox.placo.com
Thu Jun 12 02:56:16 UTC 2008
> -----Original Message-----
> From: owner-freebsd-questions at freebsd.org
> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Jos Chrispijn
> Sent: Wednesday, June 11, 2008 12:29 PM
> To: freebsd-questions at freebsd.org
> Subject: Re: generating random passwords
> Bill Campbell wrote:
> > I much prefer apg which can generate more-or-less pronounceable
> > passwords which it is possible to remember (at least after typing
> > them a few times :-).
> This is not supposed to be an offense to any author of a password
> generator, but:
> Never, but never trust any random password generator. You do not know
> the author, you do not know the algorithm it uses and in the worst case
> scenario you do not know if there is a millisecond traffic to somewhere
> that is recording the generated password.
This issue is very easily solved with open source code, as you
can simply read the code before running it. That is one of the
reasons that most crypto implementations that people trust
to actually keep things private are open source.
> > One of the biggest problems with random passwords is that they
> > end up written on yellow-stickies on the monitor or under the
> > keyboard.
> You don't need a generated password for that; it is common behaviour for
> people that aren't involved in any responsibility whatsoever.
Such as people who don't read the source for any password generator
before running it?