[Dshield] open source passwd generator needed

Matthias Jänichen mj2 at percomp.de
Fri Dec 30 13:33:14 GMT 2005


At 16:36 29.12.2005 -0500, Wes S wrote:
>I need a password generator since my brain is getting tired of trying
>to come up with passwords.  One that can be configured to produce
>passwords that match password policy in effect would be nice.

That raises an interesting question: "What is a theoretically good PW 
policy regarding PW generation"

Is an eight char password from the set [a-zA-Z0-9](plus some 10 
specials like "$%&") more complex to break than a 9 or 10 char PW 
from only [a-zA-Z]???

Numerics say NO: 52^9 > 72^8

Or is the regular request for special chars only to force users not 
to use readable PWs?

Is a longer password more difficult than a shorter one when you take 
into calculation that only a Hash of it is stored?

The following idea is quite interesting and might solve your problem:
http://www.cryptme.com/e/PaTHwordDescription.asp

if you want to try it:

http://www.savernova.com/cms/16.html

Just view the flash demo and the webcard-Link on the right.

Smart idea, but you are lost, when you loose your card. Not that your 
systems are endangered, but you'll have trouble remenbering your PW yourself.

Even more interesting you can even stick that card next to your PC, 
with out the initial row/column and the "reading method" it is 
worthless to any attacker.

Interested in your comments
Have a nice New Years Eve!

Matthias 



More information about the list mailing list