Firewall Wizards mailing list archives
Re: Off-topic: Password and PIN generation
From: "M. Dodge Mumford" <dodge () nfr net>
Date: Fri, 22 Oct 1999 10:33:47 -0400 (EDT)
From doc/faq.txt of Crack 5.0:
From the Security FAQ: Q.16 How can I generate safe passwords? You can't. The key word here is GENERATE. Once an algorithm for creating passwords is specified using upon some systematic method, it merely becomes a matter of analysing your algorithm in order to find every password on your system. Unless the algorithm is very subtle, it will probably suffer from a very low period (ie: it will soon start to repeat itself) so that either: a) a cracker can try out every possible output of the password generator on every user of the system, or b) the cracker can analyse the output of the password program, determine the algorithm being used, and apply the algorithm to other users to determine their passwords.
[ and so on ] On Tue, 19 Oct 1999 srss () whoever com wrote:
Hi, This is an off-topic question, so first I would like to apologize for deviating from the main subject of the list... Apologies made (and hopefully accepted) - I am looking for information, referrals and/or best-practices for implementing a secure mechanism of password/pin generation and storage for e-commerce applications. Any recommendations or pointers would be greatly appreciated. Thanks! Sandra Santos srss () whoever com ------------------------------------------------------ Get the Latest News at CNN Interactive: http://CNN.com
Dodge
Current thread:
- Off-topic: Password and PIN generation srss (Oct 19)
- Re: Off-topic: Password and PIN generation M. Dodge Mumford (Oct 22)
- Re: [firewall-wizards] Re: Off-topic: Password and PIN generation Magosanyi Arpad (Oct 23)
- Re: Off-topic: Password and PIN generation M. Dodge Mumford (Oct 22)