>>>>> "dkc" == <[EMAIL PROTECTED]> writes:
dkc> open(OUTFILE, ">passwords.txt") || die "can't open output file";
dkc> for (; $count > 0; $count--) {
dkc>     for ($loop = 0; $loop < $length; $loop++) {
dkc>         $temp = int(rand 60) + 1;
dkc>         print OUTFILE $characters[$temp];
dkc>     }
dkc>     print OUTFILE "\n";
dkc> }

The trouble with this is that it places a strong relationship between
successive passwords. This means that the breaking of one password
can be fatal; the knowledge of one password allows you to break the
passwords of all the following users trivially. I've seen this done
to deduce the passwords of an entire year of undergraduates [in fact
in that case the random number generator was seeded by the current
time, but that doesn't fix the problem].

If you must select random passwords, then please use a
(cryptographically) stronger source of randomness, for example
/dev/urandom (for this application you would need to use the actual
bits from /dev/urandom rather than just seeding from it as one might
do normally).
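
An added example, not part of the original message: one way to take every character choice from the actual bytes of /dev/urandom instead of from a seeded rand(). The alphabet, $length, $count and the umask are assumptions, since the quoted script does not show how it sets them.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed values: the quoted script does not show how these are set.
my @characters = ('a' .. 'z', 'A' .. 'Z', '0' .. '9');    # 62 symbols
my $length     = 8;
my $count      = 10;

open(my $rng, '<:raw', '/dev/urandom')
    or die "can't open /dev/urandom: $!";

# Return one uniformly distributed index in [0, $n), using bytes read
# directly from /dev/urandom. Bytes at or above the largest multiple of
# $n that fits in 256 are discarded, so no index is favoured (a plain
# "byte % $n" would make the low indices slightly more likely).
sub random_index {
    my ($n) = @_;
    die "alphabet must have 1..256 symbols" if $n < 1 || $n > 256;
    my $limit = 256 - (256 % $n);
    while (1) {
        my $got = read($rng, my $byte, 1);
        die "short read from /dev/urandom" unless defined $got && $got == 1;
        my $value = ord($byte);
        return $value % $n if $value < $limit;
    }
}

# Build one password; each character is an independent draw, so knowing
# one password gives no information about the next.
sub random_password {
    my ($len) = @_;
    return join '',
        map { $characters[ random_index(scalar @characters) ] } 1 .. $len;
}

# Assumption: the password list should be readable by its owner only.
umask 0077;
open(my $out, '>', 'passwords.txt') or die "can't open output file: $!";
print {$out} random_password($length), "\n" for 1 .. $count;
close($out) or die "can't close output file: $!";
close($rng);
```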