This is a discussion on Re: Security level of SET PASS /GENERATE ? - VMS ; Kilgallen@SpamCop.net (Larry Kilgallen) wrote on 01/08/2008 11:42:05 AM: > In article , "Richard B. Gilbert" > writes: > > > My point is that generated passwords are little or no better than any > > other sort! A password has ...
Kilgallen@SpamCop.net (Larry Kilgallen) wrote on 01/08/2008 11:42:05 AM:
> In article <email@example.com>, "Richard B. Gilbert"
> > My point is that generated passwords are little or no better than any
> > other sort! A password has little or no inherent security! If
> > and used properly it's reasonably secure and if not, not!
> Generated passwords are _guaranteed_ by the system to be hard to guess.
> They are also _guaranteed_ by the system to not be the same password
> that user has chosen on multiple other systems.
> If one can trust a user to come up with a unique hard-to-guess password,
> there would be no benefit to using a generated password. But in many
> situations the users cannot be trusted to follow security rules.
> On VMS, the guessability of a password is less important than on other
> systems due to breakin evasion. But VMS is still vulnerable to threats
> of a password that is chosen to be the same on multiple systems, since
> if one system is compromised they all go down.
As I read it, Jan-Erik was asking about the vulnerablity of the generating
algorthm - how likely is it the password generation could be turned into
a tool to crack generated passwords.
ISTM that given all the previous discussion, this is not a concern, but
is what concerns him. He groks security. His question is about any
vulnerability of this algorthm and its implementation.
(I find generated passworks harder, not easier, to remember.)