Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!zehntel!hplabs!sri-unix!steve@BRL-BMD.ARPA From: steve@BRL-BMD.ARPA Newsgroups: net.unix-wizards Subject: Re: random password generator Message-ID: <12458@sri-arpa.UUCP> Date: Tue, 21-Aug-84 02:16:49 EDT Article-I.D.: sri-arpa.12458 Posted: Tue Aug 21 02:16:49 1984 Date-Received: Fri, 17-Aug-84 01:22:14 EDT Lines: 23 From: Stephen Wolff>> I believe that using a generated password like eCNrbU01 is >> preferable and more secure than using your-name-spelled-backwards >> or your-wife's-name or your-address or ...... It still stinks! Because something marvelous like eCNrbU01 is VERY likely to be written down on a scrap of paper when Jane Q. User receives it from your wonderful random gibberish generator, and then the scrap of paper will get lost somewhere and one day a Bad Guy WILL find it and run through all your user names until he finds the match. 'Course, YOU can feel good about it because YOU didn't lose the scrap of paper; it's after all ol' Jane Q.'s OWN dumb fault, and Sheesh when will those lusers learn anyway, right? I think random, down-from-on-high passwords are a holdover from the bad old days of supercilious computer center white-coats. We let our users pick their own passwords, and enforce a few of the more obvious caveats. I claim that one of my old passwords which was NEVER (until now) written down was in practice MORE secure than eC-what-have-you. It was BeethovenDucks (never-you-mind why I found it easy to remember). -s