Path: utzoo!mnetor!uunet!husc6!linus!gatech!mcnc!rti!trt
From: trt@rti.UUCP (Thomas Truscott)
Newsgroups: sci.crypt
Subject: Re: Unix Password Hacker
Message-ID: <2056@rti.UUCP>
Date: 23 Feb 88 16:53:40 GMT
References: <731@ddsw1.UUCP> <203@tijc02.UUCP> <3111@bloom-beacon.MIT.EDU>
Distribution: na
Organization: Research Triangle Institute, RTP, NC
Lines: 17
Summary: Never trust a password generator

In article <3111@bloom-beacon.MIT.EDU>, jfc@athena.mit.edu (John F Carr) writes:
> The problem with this method (random passwords) is that the user is much
> more likely to write down the password.

Another problem with "randomly" generated passwords is that
they are usually not as random as they appear to be.
The Morris/Thompson "Password Security: A Case History" ACM paper
(also in the standard UN*X documentation) discusses this.
As another example, a couple of years ago someone posted
a generator program that typically generated one of about 4000
different passwords. That is not all that hard to break!

A good password generator program is certainly possible,
but I am still waiting to see one.
And then there is the problem with remembering them, as you say.

	Tom Truscott
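
An added illustration, not part of the post above and not the generator it mentions: an audit that counts how many distinct passwords a generator can actually emit and compares that with the entropy its output format suggests. The weak generator, its 12-bit seed (one possible cause of a roughly 4000-password output space, which the post does not explain), the alphabet and the length are all assumptions made for this example.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols (assumed format)
LENGTH = 8                                         # assumed password length
SEED_BITS = 12  # assumption: all generator state comes from a 12-bit seed


def weak_generate(seed: int) -> str:
    """Hypothetical weak generator: output is fully determined by a small seed."""
    rng = random.Random(seed & ((1 << SEED_BITS) - 1))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate() -> str:
    """Generator that draws every character from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def apparent_bits() -> float:
    """Entropy the password format suggests: LENGTH * log2(len(ALPHABET))."""
    return LENGTH * math.log2(len(ALPHABET))


def weak_output_space() -> set:
    """Every password the weak generator can emit, probed over 65536 seeds."""
    return {weak_generate(seed) for seed in range(1 << 16)}


def effective_bits(distinct: int) -> float:
    """Upper bound on real entropy, given the number of distinct outputs."""
    return math.log2(distinct)


if __name__ == "__main__":
    space = weak_output_space()
    print(f"format suggests  : {apparent_bits():.1f} bits")
    print(f"weak generator   : {len(space)} distinct passwords, "
          f"at most {effective_bits(len(space)):.1f} bits")
    sample = {strong_generate() for _ in range(5000)}
    print(f"CSPRNG generator : {len(sample)} distinct in 5000 draws")
```

Both generators produce strings that look equally random; only counting the reachable outputs shows the difference between about 41 bits and 12.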