If you used something like cracklib to verify the passwords generated, any random character generator would be sufficient.
Cracklib, which has been around forever, mostly validates against dictionary words. Interesting to note that the dicts that come with cracklib include Star Wars and Star Trek as well as Monty Python references, making it difficult to use your geek entertainment knowledge to bypass the dictionary checking routines. On Thu, 24 Feb 2005 12:57:10 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > Joseph Mack PhD, High Performance Computing & Scientific Visualisation > LMIT, Supporting the EPA Research Triangle Park, NC 919-541-0007 > Federal Contact - John B. Smith 919-541-1087 - [EMAIL PROTECTED] > > [EMAIL PROTECTED] wrote on 02/24/2005 12:38:37 PM: > > > [EMAIL PROTECTED] wrote: > > > > > I've had the same 4 digit PIN on my ATM card for about 20yrs and my > > > account hasn't been cracked yet. > > > > Not a fair comparison. > > Agreed. A recent article > > http://it.slashdot.org/article.pl?sid=05/02/03/1855258&tid=172&tid=1 > > points out that passwords aren't a real good solution in the first > place, > which was the point I was hoping people would get from the ATM example. > > > > ATM authentication is two factor: something you > > have (your ATM card) and something you know (your PIN). > > Passwords are single factor: something you know. > > Two factor authentication for system > > login would lessen the complexity requirements for passwords. > > Presumably the ATM card piece of info is hard to guess > (there is a large sparsely occupied namespace used on > the magnetic strip). > For conventional login, you have a username and a passwd. > Neither should be known to the attacker, > but it isn't hard to guess usernames, > so make the standard login a 1.1 factor authentication. > > Joe > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc > -- Joseph Tate Personal e-mail: jtate AT dragonstrider DOT com Web: http://www.dragonstrider.com -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
