Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uflorida!haven!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING
Message-ID: <19168@mimsy.UUCP>
Date: 19 Aug 89 20:36:26 GMT
References: <20648@adm.BRL.MIL>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 23

In article <20648@adm.BRL.MIL> Kemp@DOCKMASTER.NCSC.MIL writes:
>Any time a human tries to think up a "random" password, chances are it
>won't be as "random" as a machine could choose. So why not have the
>machine generate it for you, and stop worrying.

I am a bit surprised that someone at NCSC would suggest this without
at least a caveat. (I suppose I ought not to be surprised....)

While a machine-generated password *could* be `very random', the
average machine generating the average pronounceable password is not
very random at all. People have been known to use a 15-bit random
number generator (maximum of 32768 distinct passwords) and filter it
through a `pronounceability test' that discards more than half of the
numbers generated!

I generally construct my own passwords by taking one or more words that
form a memorable sequence (such as `military intelligence' :-) ),
translating some or all into some other language(s), rearranging and/or
dropping some of the letters in the result, and changing some into
punctuation and/or control characters. For instance: `to write the
great American novel' might become `sdvAn^L.'
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris
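
Added example, not part of the original post: a small audit of the failure mode described above, where a password generator driven by a 15-bit value and a pronounceability filter can emit far fewer passwords than its output format suggests. The password length, the SHA-256 stand-in mixer and the three-consonant filter rule are assumptions chosen for illustration.

```python
import hashlib
import math

SEED_BITS = 15          # from the post: a 15-bit generator, 32768 states
LENGTH = 8              # assumed password length
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
VOWELS = set("aeiou")


def candidate(seed: int) -> str:
    """Password produced from one generator state.

    SHA-256 is only a stand-in mixer (assumption); what matters is that
    the output is a deterministic function of a 15-bit value.
    """
    digest = hashlib.sha256(seed.to_bytes(2, "big")).digest()
    return "".join(ALPHABET[b % 26] for b in digest[:LENGTH])


def pronounceable(word: str) -> bool:
    """Toy pronounceability test (assumption): reject three consonants in a row."""
    run = 0
    for ch in word:
        run = 0 if ch in VOWELS else run + 1
        if run >= 3:
            return False
    return True


def audit() -> dict:
    """Enumerate every seed and measure what the generator can actually emit."""
    seeds = 1 << SEED_BITS
    emitted = {w for w in map(candidate, range(seeds)) if pronounceable(w)}
    return {
        "seeds": seeds,
        "distinct": len(emitted),
        # Entropy is bounded by the number of reachable outputs, not the format.
        "effective_bits": math.log2(len(emitted)),
        "nominal_bits": LENGTH * math.log2(len(ALPHABET)),
    }


if __name__ == "__main__":
    r = audit()
    print(f"{r['distinct']} of {r['seeds']} seeds survive the filter")
    print(f"effective entropy {r['effective_bits']:.1f} bits, "
          f"format suggests {r['nominal_bits']:.1f} bits")
```

Running the same enumeration against a real generator's seeding path is a quick way to check whether its effective entropy matches what the password format implies.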