Re: [NTLK] need password generator for MP 120 with OS 2.0

From: Eric L. Strobel (fyzycyst_at_home.com)
Date: Tue Dec 11 2001 - 13:11:58 EST


at the temporal coordinates: 12/11/01 1:05 PM, the entity known as Markus
Rasch at m.rasch_at_gmx.net conveyed the following:

>
>>
>> Sorry, I was not clear. As I am software engineer, I need to generate
>> passwords for application, database and operating system users. Also I
>> am registered on a bunch of websites as developer etc. Nearly every
>> second day I find myself in need to make up a password. Will be nice to
>> have small program which will generate it for me. Also I found nice free
>> software for storing passwords called GeekSafe (
>> http://newtopia.com/cgi-bin/newton_index.cgi). Source codes are
>> available. I can imagine another feature of a software to generate
>> password. There is a few Perl scripts around which should be easy to
>> rewrite to NewtonScript.
>> Thanks for any thoughts,
>> Radek
>
> Are you sure you are using the word "generator" correct? A password generator
> _makes_
> passwords!
> Normaly password generators are used when you are making new user accounts for
> an
> Operating System or for specific Server access. For example, user "A" gets a
> new account
> to a machine, a password will be created automatically, which contains the
> users first and
> last name. So he can directly access the machine and change the automatically
> generated
> password, because it is known to any other user who knows user A's name).
> There is no need
> of an interaction between the user and the administrator. But it does only
> make sense to
> use this generator within the used software, for example the account manager
> software or
> the Server itself.

Read it again. 'Generator' is exactly what is meant. Automatic generation
of passwords to an easily guessed default is not very secure. What about
the case of the user asking for access, then simply not bothering to go back
for a few days to change the password? The other case of when this might be
needed is when a user forgets their password. The admin needs to reset the
password, but, again, doesn't want to set it to something as insecure as
FirstnameLastname. Thirdly, most web sites that want you to pick a password
don't have autogeneration.

- Eric.

-- 

Eric Strobel (fyzycyst_at_NOSPAM^mailaps.org)

===================================================================== If aviation had grown as slowly as space travel, the first paying customer would have flown in 1943 -- in the 1,657th expendable Wright Flyer. =====================================================================

-- This is the Newtontalk mailinglist - http://www.newtontalk.net To unsubscribe or manage: visit the above link or mailto:newtontalk-request_at_newtontalk.net?Subject=unsubscribe



This archive was generated by hypermail 2.1.2 : Wed Jan 02 2002 - 12:01:36 EST