Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uflorida!haven!adm!xadmx!Kemp@DOCKMASTER.NCSC.MIL
From: Kemp@DOCKMASTER.NCSC.MIL
Newsgroups: comp.unix.wizards
Subject: Re: PASSWORD GUESSING
Message-ID: <20656@adm.BRL.MIL>
Date: 21 Aug 89 00:28:32 GMT
Sender: news@adm.BRL.MIL
Lines: 22

Chris Torek writes:
 > I am a bit surprised that someone at NCSC would suggest this without
 > at least a caveat.

Chris is absolutely correct here (as usual).  One should not just take
any program for password generation (like you might find on a unix
archive) and blindly trust that it will actually generate good random
passwords.  I was extrapolating from the Multics and VMS programs, which
presumably use decent algorithms and have been verified by computer
security experts.

I also did not include a very important disclaimer:

"Although this message was posted from a NCSC machine, it's contents do
not reflect the views of anyone but the author, who is not in any sense
an authority on computer security."

    Dave Kemp <Kemp@dockmaster.ncsc.mil>

P.S.  Several people have sent mail asking where password generating
programs might be found.  I have no idea; just a vague memory of having
seen references to them.