Date:      Wed, 11 Jun 2008 19:57:22 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Jos Chrispijn" <jos@webrz.net>, <freebsd-questions@freebsd.org>
Subject:   RE: generating random passwords
Message-ID:  <BMEDLGAENEKCJFGODFOCEELPCFAA.tedm@toybox.placo.com>
In-Reply-To: <4850277C.209@webrz.net>



> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jos Chrispijn
> Sent: Wednesday, June 11, 2008 12:29 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: generating random passwords
> 
> 
> Bill Campbell wrote:
> > I much prefer apg which can generate more-or-less pronounceable
> > passwords which it is possible to remember (at least after typing
> > them a few times :-).
> >   
> This is not supposed to be an offense to any author of a password 
> generator, but:
> Never, but never trust any random password generator. You do not know 
> the author, you do not know the algorithm it uses and in worst case 
> scenario you do not know if there is a millisecond traffic to somewhere 
> that is recording the generated password.

This issue is very easily solved with open source code, as you
can simply read the code before running it.  That is one of the
reasons that most crypto implementations that people trust
to actually keep things private are open source.

> > One of the biggest problems with random passwords is that they
> > end up written on yellow-stickies on the monitor or under the
> > keyboard.
> >   
> You don't need a generated password for that; it is common behaviour for 
> people that aren't involved in any responsibility whatsoever.
> 

Such as people who don't read the source for any password generator
before running it?

Ted


