Re: Off-topic: Password and PIN generation

["M. Dodge Mumford" <dodge () nfr net>]

> From doc/faq.txt of Crack 5.0:

> From the Security FAQ:
> Q.16 How can I generate safe passwords?
>
> You can't.  The key word here is GENERATE.  Once an algorithm for
> creating passwords is specified using upon some systematic method, it
> merely becomes a matter of analysing your algorithm in order to find
> every password on your system.
>
> Unless the algorithm is very subtle, it will probably suffer from a
> very low period (ie: it will soon start to repeat itself) so that
> either:
>
>  a) a cracker can try out every possible output of the password
>  generator on every user of the system, or
>
>  b) the cracker can analyse the output of the password program,
>  determine the algorithm being used, and apply the algorithm to other
>  users to determine their passwords.

[ and so on ]

On Tue, 19 Oct 1999 srss () whoever com wrote:

> Hi,
>
> This is an off-topic question, so first I would like to apologize for deviating from the main subject of the list...
>
> Apologies made (and hopefully accepted) - I am looking for information, referrals and/or best-practices for 
> implementing a secure mechanism of password/pin generation and storage for e-commerce applications. Any 
> recommendations or pointers would be greatly appreciated.
>
> Thanks!
>
> Sandra Santos
> srss () whoever com
>
> ------------------------------------------------------
> Get the Latest News at CNN Interactive: http://CNN.com


Dodge