home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!europa.asd.contel.com!darwin.sura.net!jvnc.net!netnews.upenn.edu!msuinfo!scss3.cl.msu.edu!mrr
- From: mrr@scss3.cl.msu.edu (Mark Riordan)
- Newsgroups: sci.crypt
- Subject: Re: "random generator" passwords (was: Re: Keeping track of a lot of passwords)
- Message-ID: <1992Jul26.185623.10224@msuinfo.cl.msu.edu>
- Date: 26 Jul 92 18:56:23 GMT
- References: <1992Jul26.072631.14847@chpc.utexas.edu>
- Sender: news@msuinfo.cl.msu.edu
- Organization: Michigan State University
- Lines: 27
- X-Newsreader: Tin 1.1 PL3
-
- jonathan@chpc.utexas.edu (Jonathan Thornburg) writes:
- : Using a random number generator (RNG) to generate passwords is
- : almost always a very bad idea -- it yields *highly* *insecure*
- : passwords. There are two reasons for this:
- : [...]
- : Remembering multiple cryptographically-independent-and-high-entropy
- : passwords is a hard problem, but using a "small rng" to generate them
- : is not the solution.
-
- Yes, the classic 2-line PRNG is probably not so good for generating
- passwords. However, a cryptographically strong function, such as
- DES or MD5, probably would be suitable. In fact, I wouldn't be
- surprised if crypto-based pseudo-random number generators turned
- in strong performances on most or all general-purpose PRNG tests.
- They'd be somewhat slower than most of the competition, though,
- and not easy to program into a hand-held calculator.
-
- The obvious way of making a PRNG generator from a crypto function,
- of course, is:
-
- random[0] = function(key)
- random[i] = function(random[i-1])
-
- with suitable post-processing on random[i] to turn it into an integer,
- floating point, or what-have-you.
-
- Mark R.
-