home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky comp.unix.admin:4956 comp.unix.ultrix:6781 comp.unix.wizards:3858
- Path: sparky!uunet!mcsun!uknet!cam-cl!cam-cl!nmm
- From: nmm@cl.cam.ac.uk (Nick Maclaren)
- Newsgroups: comp.unix.admin,comp.unix.ultrix,comp.unix.wizards
- Subject: Re: random passwd generator
- Message-ID: <1992Sep9.073643.1373@cl.cam.ac.uk>
- Date: 9 Sep 92 07:36:43 GMT
- References: <1992Sep4.170148.17469@trentu.ca> <1992Sep8.201437.7521@resumix.portal.com>
- Sender: news@cl.cam.ac.uk (The news facility)
- Reply-To: nmm@cl.cam.ac.uk (Nick Maclaren)
- Organization: U of Cambridge Computer Lab, UK
- Lines: 29
-
- In article <1992Sep8.201437.7521@resumix.portal.com>,
- gary@resumix.portal.com (Gary Lin) writes:
- |> >ccksb@blaze.trentu.ca (Ken Brown) writes:
- |> > I'm looking for a program which will generate 'n' number of passwords.
- |>
- |> But never ever do what UCSC does for student accounts: generate passwords
- |> constructed from scrambled blocks of constant characters. Obviously, they
- |> were too brilliant to write a random generator. :P
- |>
- |> Which of course means, if a few smart CS students sit around and compare the
- |> initial passwords in their accounts, they can back-calculate the generation
- |> scheme and break into other people's accounts. Then lock out other people.
-
- No, no, no! A few DIM CS students is enough. SMART CS students should be
- able to crack the srandom()-based generator described in the previous
- posting. And I mean first-year ones, too. Of course, if they are kept in
- total ignorance of the type of algorithm, you may get away with it.
-
- If you are concerned with doing this securely, post the question to
- sci.crypt - not one of the UNIX groups!
-
-
- Nick Maclaren
- University of Cambridge Computer Laboratory,
- New Museums Site, Pembroke Street,
- Cambridge CB2 3QG, England.
- Email: nmm@cl.cam.ac.uk
- Tel.: +44 223 334761
- Fax: +44 223 334679
-
