Chris's Wiki :: blog/programming/RandomVsGoodPasswords Commentshttps://utcc.utoronto.ca/~cks/space/blog/programming/RandomVsGoodPasswords?atomcommentsDWiki2007-07-19T22:53:34ZRecent comments in Chris's Wiki :: blog/programming/RandomVsGoodPasswords.By Chris Siebenmann on /blog/programming/RandomVsGoodPasswordstag:CSpace:blog/programming/RandomVsGoodPasswords:70366d6fcc882053497732d68a242eda00dfce9bChris Siebenmann<div class="wikitext"><p>I don't expect people to remember these randomly generated passwords.
In some contexts, these are just initial passwords and the user will
be forced to change the password the first time they use it; in other
contexts, I expect the user to let their web browser remember the
password for them.</p>
<p>I hadn't heard of APG before now; thanks for the pointer, and I will
have to play with it sometime. The main benefit of my current
random password generator is that it is <a href="https://utcc.utoronto.ca/~cks/space/blog/python/LargeIntegersLike">very simple</a>.</p>
</div>2007-07-19T22:53:34ZFrom 128.117.43.34 on /blog/programming/RandomVsGoodPasswordstag:CSpace:blog/programming/RandomVsGoodPasswords:ccbb439eb303391cc02997c7f617310e8f2d2232From 128.117.43.34<div class="wikitext"><p>Good passwords are also memorable to the owner. In practice, randomly assigned passwords are not memorable, and are not better than mnemonic passwords. For more, see this paper:</p>
<p>The Memorability and Security of Passwords – Some Empirical Results<br>
by Jianxin Yan, Alan Blackwell, Ross Anderson, Alasdair Grant<br>
September 2000<br>
<a href="http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf">http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf</a></p>
<p>That said, even the "best" password will fall to a keystroke logger, such as installed by the storm worm, or a trojan ssh client. Those are increasingly common in practice.</p>
</div>2007-07-18T19:39:28ZFrom 70.49.21.130 on /blog/programming/RandomVsGoodPasswordstag:CSpace:blog/programming/RandomVsGoodPasswords:764d33190ad99410672efb07612420006f859efeFrom 70.49.21.130<div class="wikitext"><p>Have you looked at <a href="http://www.adel.nursat.kz/apg/">APG</a> at all?</p>
</div>2007-07-18T12:09:04Z