from the bad idea department

Steven M. Bellovin smb at cs.columbia.edu
Mon Nov 21 11:35:28 EST 2005


Steve Gibson is now offering a "GRC's Ultra High Security
Password Generator" -- a web page that provides you with
"totally random" data in 3 formats: 64 hex digits, 63 printable
characters, or 63 alphanumerics.  The page suggests using
them for passwords, WEP and WPA, VPN shared secrets, and more.

Sigh.  First off, there are no details on just how these
"custom, high quality, cryptographic-strength" strings are
generated.  We all know there are lots of bad ways to do it.
Second, these strings are supposed to be *secret* -- why get
them from somewhere else?  

https://www.grc.com/passwords if you want to see more.
(In fairness, the "Application Notes" section is listed as
"under construction".  Maybe it will contain suitable caveats
when it's finished.)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
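
An added example, not part of the original post or of GRC's page: it generates the same three formats locally from the operating system's CSPRNG, so the secret is never produced or seen by anyone else. The printable alphabet (ASCII 33 to 126), the uppercase hex digits and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabets are assumptions; the post does not say which characters the page uses.
HEX = "0123456789ABCDEF"                               # 16 symbols
ALNUM = string.ascii_letters + string.digits           # 62 symbols
PRINTABLE = "".join(chr(c) for c in range(33, 127))    # 94 symbols, no space


def pick_uniform(alphabet: str, length: int) -> str:
    """Draw `length` symbols uniformly from `alphabet` using OS CSPRNG bytes.

    A plain `byte % n` is one of the "bad ways": when 256 is not a multiple
    of n, low-numbered symbols come up more often. Bytes at or above the
    largest multiple of n are discarded (rejection sampling) to avoid that.
    """
    n = len(alphabet)
    if not 1 < n <= 256:
        raise ValueError("alphabet must have 2..256 symbols")
    limit = 256 - (256 % n)
    out = []
    while len(out) < length:
        for b in secrets.token_bytes(length):
            if b < limit and len(out) < length:
                out.append(alphabet[b % n])
    return "".join(out)


def entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly chosen string: length * log2(alphabet size)."""
    return length * math.log2(len(alphabet))


def generate_all() -> dict:
    """The three formats named in the post, generated on the local machine."""
    return {
        "hex64": pick_uniform(HEX, 64),
        "printable63": pick_uniform(PRINTABLE, 63),
        "alnum63": pick_uniform(ALNUM, 63),
    }


if __name__ == "__main__":
    for name, value in generate_all().items():
        print(f"{name:12s} {value}")
```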


