delorie.com/archives/browse.cgi   search  
Mail Archives: djgpp/1999/12/09/07:22:11

Message-Id: <199912090853.KAA31705@www.Foo.COM>
From: "S. M. Halloran" <mitch AT duzen DOT com DOT tr>
Organization: User RFC 822- and 1123-compliant
To: djgpp AT delorie DOT com
Date: Thu, 9 Dec 1999 11:00:04 +0200
MIME-Version: 1.0
Subject: Re: A simple random password list generator
In-reply-to: <GDHIAHKCHIGNAAAA@shared1-mail.whowhere.com>
X-mailer: Pegasus Mail for Win32 (v3.12b)
Reply-To: djgpp AT delorie DOT com
X-Mailing-List: djgpp AT delorie DOT com
X-Unsubscribes-To: listserv AT delorie DOT com

A password to be used by a human ought to be something that has all of 
these features:

1. provides the level of security demanded by (or expected from) a 
reasonable--not paranoid--system admininstrator

2. be a word or phrase someone can remember and does not require carrying 
it around on a piece of paper

From the passwords I saw generated below, your program will be good for 
someone in your very special situation, since you would have to carry 
around a list of passwords of your own, rather than a machine's, 
conception anyway.  I don't recommend that sys admins subjugate their 
users with such passwords however.

At any rate, the rapid advances in biometrics (doing security by looking 
at finger or hand or retina scans or some unique identifier on the body) 
will make the weakest link in the security chain---passwords---obsolete, 
as that is the wish of both users and sys admins.

On 9 Dec 99, Nimrod Alonzo Abing was found to have commented thusly:

> Hello! I just finished my first DJGPP program. It is a very
> simple program to generate a list of random passwords. Where
> would on use such a program? Well, I made this program
> because students in the college computer lab where I work
> kept fiddling around with the BIOS settings. So I figured,
> set the BIOS password to the same one on all computers. That
> was a big mistake: the password was one day compromised and
> I had to change the passwords for all the computers. So that
> I will never have to undergo such a massive undertaking
> again (I maintain 120 computers spread across four rooms, 30
> to each room) I decided to make the passwords different for
> each computer. This way, if a password for one computer is
> compromised, only one password will need to be changed. The
> only problem now is to come up with 120 _different_
> passwords. This program is my solution. It's not very
> elegant but it works. Below is a snippet from the output of
> the program (it has an option to generate a text file
> containing the password list.)
> 
> -- output snippet --
> 
> pwdgen.exe version 1.10 Password List Generator
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Password list generated: Thursday December 09, 1999 10:40:07
> Command line options:
>      Password count: 10
>      Password length: 8
>      Password seed: 217828
>      Password type: Alpha lower + Numeric
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Begin password list:
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> 1. 107ojbc5
> 2. e8dpnrqt
> 3. rbx1oei7
> 4. ca214wmi
> 5. qkp9bchi
> 6. gy7rwo3u
> 7. 03htkby1
> 8. k9ild54f
> 9. 1u2wzhiq
> 10. 1as934be
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> End of password list
> 
> -- output snippet --
> 
> Attached to this message is a zip file containing the
> program source code and makefile. I am releasing it under
> the conditions stated in the Gnu General Public License.
> 
> Passwords are generated in this manner (it is a kludge at
> best) for more details, please see the attached source code:
> 
> 1. Create a symbol table from based on the default or user
> settings from the command line. Passwords can be a
> combination of upper-case letters, lower-case letters,
> numeric digits 0..9, and symbols. These are in the standard
> ASCII character set (ASCII 33..126) ASCII 32 (space) and
> ASCII 127 are excluded from the symbol table build.
> 
> 2. Scramble the symbol table. The number of times the symbol
> table is scramble can be set from the command line. The
> default is 1.
> 
> 
> 3. Generate the password list.
> 
> Any suggestions to improve this program and its algorithms
> are most certainly welcome. Send all inquiries or comments
> to synflood AT eurdoramail DOT com.
> 
> Thanks!
> 
> 
> oOOOo Synflood oOOOo

---------------------------------------------------------
M. Halloran

Board-certified Ontologist (SADTP)
Metaphysical Testing $29.95          Mind-Body Consultations [Inquire]
Epistemological Investigations:  Routine $59.95  Complete $79.95

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019