[BC] Password Generator

Cowboy curt
Tue Feb 14 08:08:07 CST 2006 

On Monday 13 February 2006 10:44 pm, Sherrod Munday wrote:
>On Monday 13 February 2006 11:55, Bill Brister wrote:
>> You can get a small program free for the download that generates passwords
>> like this. Its at www.quickysoftware.com. I used it for a long time until I
>> purchased RoboForm which has a built in password generator.
>
>Or, you can use the rand() function in many spreadsheet programs to generate a 
>random number (usually between zero and one). 

 //snip//

 The big problem with generating passwords in this fashion, is that it's not
 a word, difficult to remember, and tends to end up as a post-it on the machine
 to which it applies. That's about as good as no password at all.

 If these are used as totally automated passwords for some purpose, then
 a back door is necessary in case one of those machines fails, and the
 password needs to be reset, which kinda defeats the purpose of these
 "passwords" in the first place.

 It's my opinion and practice to generate passwords based on some easily
 remembered phrase, like every fifth letter of a favorite book title, with
 appropriately placed capitalizations, and preferably including characters
 that Micro$oft deems "illegal" in a password, and until VERY recently, simply
 a few more characters than Micro$oft would allow, would provide security
 against 99% of the crackers out there anyway !

 Real security is not an easy thing. This is why we can expect to see more
 retinal scanners, implanted chips and the like.
 ( though the 1024 bit PGP type keys used by ssh are pretty good ! )

 What truly amazes me, are the number of systems out there where I still
 find that the password is either "password" or "Password" !!

 Of course, if I have physical access to the machine in question, then the
 whole question of passwords it moot, except in the case of encrypted
 files and/or file systems.
 That's why at one sometimes client, it takes two authorizations from two
 already authorized people to get past the two armed security guards just
 to use the physical key ( which the guards do not have ) to gain access
 to the system console, where one can then enter a password.
 Obviously, that's not a broadcast client !
 ;-)

-- 
Cowboy

http://cowboys.homeip.net

Experience varies directly with equipment ruined.

More information about the Broadcast mailing list