----- Original Message -----
From: "Eric L. Strobel" <fyzycyst_at_home.com>
To: <newtontalk_at_newtontalk.net>
Sent: Tuesday, December 11, 2001 7:11 PM
Subject: Re: [NTLK] need password generator for MP 120 with OS 2.0
>
> at the temporal coordinates: 12/11/01 1:05 PM, the entity known as Markus
> Rasch at m.rasch_at_gmx.net conveyed the following:
>
> >
> >>
> >> Sorry, I was not clear. As I am software engineer, I need to generate
> >> passwords for application, database and operating system users. Also I
> >> am registered on a bunch of websites as developer etc. Nearly every
> >> second day I find myself in need to make up a password. Will be nice to
> >> have small program which will generate it for me. Also I found nice free
> >> software for storing passwords called GeekSafe (
> >> http://newtopia.com/cgi-bin/newton_index.cgi). Source codes are
> >> available. I can imagine another feature of a software to generate
> >> password. There is a few Perl scripts around which should be easy to
> >> rewrite to NewtonScript.
> >> Thanks for any thoughts,
> >> Radek
> >
> > Are you sure you are using the word "generator" correct? A password generator
> > _makes_
> > passwords!
> > Normaly password generators are used when you are making new user accounts for
> > an
> > Operating System or for specific Server access. For example, user "A" gets a
> > new account
> > to a machine, a password will be created automatically, which contains the
> > users first and
> > last name. So he can directly access the machine and change the automatically
> > generated
> > password, because it is known to any other user who knows user A's name).
> > There is no need
> > of an interaction between the user and the administrator. But it does only
> > make sense to
> > use this generator within the used software, for example the account manager
> > software or
> > the Server itself.
>
> Read it again. 'Generator' is exactly what is meant. Automatic generation
> of passwords to an easily guessed default is not very secure. What about
> the case of the user asking for access, then simply not bothering to go back
> for a few days to change the password? The other case of when this might be
> needed is when a user forgets their password. The admin needs to reset the
> password, but, again, doesn't want to set it to something as insecure as
> FirstnameLastname. Thirdly, most web sites that want you to pick a password
> don't have autogeneration.
Hm, that's what I wrote. The "fist name, last name" thing was an example, it could be
anything else.
But, autogeneration of passwords makes only sense to me if the person _making_ an account
and the person _using_ the account is _not_ the same!
Or what do you think!
Markus
-- This is the Newtontalk mailinglist - http://www.newtontalk.net To unsubscribe or manage: visit the above link or mailto:newtontalk-request_at_newtontalk.net?Subject=unsubscribe
This archive was generated by hypermail 2.1.2 : Wed Jan 02 2002 - 12:01:37 EST