Random Password Generation script

Thu, 26 Mar 1998 13:25:09 -0500 

What would be wrong with using the mkpasswd program that comes with
RH5.0?

It looks to me like you could write a small script to have it run x
amount of times, and spit out a random passwd.  You also have complete
control of the length, and number of upper,lower,special,and numeric
characters in the password.

Am I missing something here?

Rich Minear
Sr. Network Admin
AMC Theatres

[EMAIL PROTECTED]

-----Original Message-----
From: James Youngman [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, March 26, 1998 11:11 AM
To: [EMAIL PROTECTED]
Cc: @redhat.com
Subject: Re: Random Password Generation script


>>>>> "dkc" ==   <[EMAIL PROTECTED]> writes:

  dkc> open(OUTFILE, ">passwords.txt") || die "can't open output file";

  dkc> for (; $count > 0; $count--) {
  dkc>     for ($loop = 0; $loop < $length; $loop ++) {
  dkc>  $temp = int(rand 60) + 1;
  dkc>  print OUTFILE $characters[$temp];
  dkc>     }
  dkc>     print OUTFILE "\n"; 
  dkc> }


The trouble with this is that it places a strong relationship between
successive passwords.  This means that the breaking of one password
can be fatal; the knowledge of one password allows you to break the
passwords of all the following users trivially.  I've seen this done
to deduce the passwords of an entire year of undergraduates [in fact
in that case the random number generator was seeded by the current
time, but that doesn't fix the problem].

If you must select random passwords, then please use a
(cryptographically) stronger source of randomness, for example
/dev/urandom (for this application you would need to use the actual
bits from /dev/urandom rather than just seeding from it as one might
do normally).



-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST
ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips
/mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to