7-29-2010 @ 10:27AM
"Even using any sort of password generator is not good practice.Password generators use the same algorithm every time a password is generated thus someone who could use the same application can find out how the passwords are generated and determine what your password is."To some extent.What you want is something called a "cryptographically secure" password generator, or a truly random number source that relies on non-algorithmic information (random.org uses physical sources of randomness).A "cryptographically secure" PRNG is far higher quality than most other types of PRNGs, and since they are using cryptographic technologies, it is far more difficult for a hacker to discover what the initial state of the generator was in order to reproduce the same random numbers as you did.The key to any PRNG is to make sure the "seed" (initial state) of the generator is not easily found. One of the weaknesses of many PRNGs is how the initial state is determined.In any case, this can be a bit complex to talk about - but suffice to say, using some random program or website to generate passwords for you is probably not the best way to do it.I haven't done any serious research on which RNGs and PRNGs are best, but I know of two sources that produce very good results:-random.org should work, as they are in the true RNG business. They use physical sources of randomness.-KeePass has a strong PRNG: They use several sources of randomness and hashes them with a cryptographic hash and a counter, which should provide a source of randomness that is very difficult to reverse.