OT: password/passphrase generation
KRFinch at dstsystems.com
KRFinch at dstsystems.com
Thu Jun 5 21:37:34 CDT 2003
For some applications, we use an algorithmic number generator that gets
combined with a regular password. The number generator spits out 6 digit
numbers every 60 seconds according to an algorithm hashed specifically to
the user of that generator and to a time index counter on a server. In
order for someone to log in through the system they would need a specific,
time synchronized number generator, the user account information tied to
it, and that user's regular password. The net result is it effectively
changes the login credentials every 60 seconds.
Thanks!
Kevin Finch
Network Administrator
DST Systems, Inc.
816/435-6039
krfinch at dstsystems.com
Tim Reid
<darkweb4 at gbronline.c To: kclug at kclug.org
om> cc:
Sent by: Subject: OT: password/passphrase generation
owner-kclug at marauder.
illiana.net
06/05/2003 03:13 PM
hey all,
I've been looking at some of the high-level popular crypto/security
texts lately, and one of the more interesting things that struck me was
the different methods of generating/choosing passcodes. I've now seen
several different methods used (APG, diceware, etc.) I haven't made up
my mind as to the most secure (within reason for a common user like me)
method of password generation for both login passwords and PGP/GPG
passphrases...
What does everybody use for secure/random password/passphrase
generation? What are some of the different aspects of "your" method?
Do you go for speed, maximum bits of entropy, etc.?
--Tim
OT: PS: I had someone ask me a "brainteaser" in a IRC channel, and I
haven't been able to get back to them...but I think I know the answer.
But I thought that I might share it with all you smart KCluggers :P
What number does not belong? < 1 2 3 4 5 > And why does it not belong?
More information about the Kclug
mailing list