> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Jos Chrispijn
> Sent: Wednesday, June 11, 2008 12:29 PM
> To: email@example.com
> Subject: Re: generating random passwords
>
>
> Bill Campbell wrote:
> > I much prefer apg which can generate more-or-less pronounceable
> > passwords which it is possible to remember (at least after typing
> > them a few times :-).
> >
> This is not supposed to be an offense to any author of a password
> generator, but:
> Never, but never trust any random password generator. You do not know
> the author, you do not know the algorithm it uses and in worst case
> scenario you do not know if there is a millisecond traffic to somewhere
> that is recording the generated password.

This issue is very easily solved with open source code, as you can simply
read the code before running it. That is one of the reasons that most
crypto implementations that people trust to actually keep things private
are open source.

> > One of the biggest problems with random passwords is that they
> > end up written on yellow-stickies on the monitor or under the
> > keyboard.
> >
> You don't need a generated password for that; it is common behaviour for
> people that aren't involved in any responsibility whatsoever.
>

Such as people who don't read the source for any password generator
before running it?

Ted

_______________________________________________
firstname.lastname@example.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"