On Fri, Nov 12, 2010 at 4:56 PM, wileop <wil...@gmail.com> wrote: > I'm not sure if this is what you are interested in, but Steve Gibson, of > Gibson Research Corp. (grc.com) has a web page where he set up > a program to generate random passwords, in different formats.
(1) A one-time password/pad (OTP) is something very different from a password generator. OTPs are the only cryptographic mechanism which has been mathematically proven to be secure. Google will tell you more. (2) Steve Gibson doesn't know nearly as much about security as he thinks he does. (2)(a) In particular, that password generator is dubious. The entropy source of the initialization vector is never explained, the period of the counter is never given, and the source and/or variance of the "secret key" is never explained. While it probabbly creates okay passwords, it's hardly the miracle of cryptography he portrays it to be. (3) Most Linux distributions come with at least one password generation utility. Popular names include "mkpasswd" (part of Expect), "makepasswd", and "pwgen". -- Ben _______________________________________________ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
