[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] Intent to Rewrite: pwgen

On Sat, Jun 23, 2001 at 07:12:42PM -0700, Adam McKenna <adam@debian.org> spake forth:
> On Sat, Jun 23, 2001 at 06:02:24PM -0700, Mike Markley wrote:
> > On Sun, Jun 24, 2001 at 01:08:00AM +0200, Kai Henningsen <kaih@khms.westfalen.de> spake forth:
> > > > Look at mkpasswd in the whois package.
> > > 
> > > What on earth does it do in that package? Is there a whois system  
> > > somewhere that knows about passwords?
> > 
> > NSI and the CRYPT-PW authentication scheme... not that there's any excuse
> > for not using PGP ;).
> 
> There is an excuse -- it doesn't work.

Sure it does, I used it just last week... it's got some pretty lame
restrictions (doesn't do PGP/MIME for one), but it's more secure than a
password on a website or a plaintext-equivalent password hash (yes you can
re-use an intercepted password hash for CRYPT-PW)...

-- 
Mike Markley <mike@markley.org>
GPG: 0x3B047084 7FC7 0DC0 EF31 DF83 7313  FE2B 77A8 F36A 3B04 7084

Death, when unnecessary, is a tragic thing.
- Flint, "Requiem for Methuselah", stardate 5843.7
Reply to: