WebApp Sec mailing list archives
Re: suggesting passwds to users
From: hggdh <hggdh2 () gmail com>
Date: Wed, 20 Apr 2005 12:37:55 -0500
What I see here is user reality. Random data has two very strong properties: 1. it is random; 2. nobody can remember it. So, by giving a user random passwords, you now incur the risk of the user writing the new, improved password on a post-it, and sticking it in a safe and easy-to-reach place. End result: you are now more vulnerable...

On 4/19/05, Matt Fisher <mfisher () spidynamics com> wrote:
The first thing I think of in this scenario is what "random" means. I don't know that much about rand generators, but I do know that some have been flawed, and presented not-so-random numbers.
-- ..hggdh..