Path: utzoo!utgpu!water!watmath!clyde!att!pacbell!lll-tis!helios.ee.lbl.gov!nosc!ucsd!ucsdhub!esosun!seismo!uunet!vsi!friedl
From: friedl@vsi.UUCP (Stephen J. Friedl)
Newsgroups: comp.unix.questions
Subject: Re: Password Choices
Summary: public randomness
Message-ID: <761@vsi.UUCP>
Date: 23 Jul 88 20:27:57 GMT
References: <16595@brl-adm.ARPA> <4436@ptsfa.PacBell.COM>
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 17

In article <16595@brl-adm.ARPA> JPLILER@simtel20.arpa (John R. Pliler) writes:
> Why not use a *random* password generator?

In article <4436@ptsfa.PacBell.COM>,jmc@ptsfa.PacBell.COM (Jerry Carlin) writes:
> Just make sure that the algorithm generates a LARGE number of
> possibilities and is not known.

It is a better idea to use an algorithm that generates a very
large number of possibilities and then make the algorithm known.
To do otherwise places a burden on the implementor to keep the
secret and makes this information valuable to a nasty person,
thereby giving a challenge.  Security by secrecy requires eternal
vigilance.

     Steve

-- 
Steve Friedl    V-Systems, Inc.  +1 714 545 6442    3B2-kind-of-guy
friedl@vsi.com     {backbones}!vsi.com!friedl    attmail!vsi!friedl
--------- Nancy Reagan on flood-control: "Just say Noah