From: "Ted Mittelstaedt"
To: "Jos Chrispijn"
Date: Wed, 11 Jun 2008 19:57:22 -0700
In-Reply-To: <4850277C.209@webrz.net>
Subject: RE: generating random passwords

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Jos Chrispijn
> Sent: Wednesday, June 11, 2008 12:29 PM
> To: freebsd-questions@freebsd.org
> Subject: Re: generating random passwords
>
>
> Bill Campbell wrote:
> > I much prefer apg which can generate more-or-less pronounceable
> > passwords which it is possible to remember (at least after typing
> > them a few times :-).
> >
> This is not supposed to be an offense to any author of a password
> generator, but:
> Never, but never trust any random password generator. You do not know
> the author, you do not know the algorithm it uses and in worst case
> scenario you do not know if there is a millisecond traffic to somewhere
> that is recording the generated password.

This issue is very easily solved with open source code, as you can
simply read the code before running it. That is one of the reasons that
most crypto implementations that people trust to actually keep things
private are open source.

> > One of the biggest problems with random passwords is that they
> > end up written on yellow-stickies on the monitor or under the
> > keyboard.
> >
> You don't need a generated password for that; it is common behaviour for
> people that aren't involved in any responsibility whatsoever.
>

Such as people who don't read the source for any password generator
before running it?

Ted