Re: [NTLK] [OT] Excellent Password Source

From: Will Hartung (willh_at_msoft.com)
Date: Wed May 01 2002 - 18:55:26 EDT


Hmm...

No, not really.

You still need a random source with which to guide your selection from the
static list of random numbers.

So, while the numbers themselves may perhaps be random, the selection
process may not be.

For example, say it was your policy that your users receive a "random 5
digit password". You could simply print out this list, and check off each 5
digit sequence as you handed it out to the users. Now, the numbers you hand
out are themselves random, but since the key is public, someone could easily
predict future passwords of random numbers. So, in reality, they're not
random at all!

All this stuff can get your head in a spin.

See http://world.std.com/~reinhold/diceware.html

Best Regards,

Will Hartung
(willh_at_msoft.com)

-- 
Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html
Read the Newton FAQ: http://www.guns-media.com/mirrors/newton/faq/
This is the NewtonTalk mailing list - http://www.newtontalk.net



This archive was generated by hypermail 2.1.2 : Wed Jun 12 2002 - 20:01:39 EDT