Online High Security Password Generator

Discussion in 'other security issues & news' started by StevieO, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Guest

    Steve Gibson from the Gibson Research Corporation has just launched a brilliant FREE secure online non cached pseudo-random never repeating long string password generator.

    There are a choice of 3 types -

    64 random hexadecimal characters (0-9 and A-F):

    63 random printable ASCII characters:

    63 random alpha-numeric characters (a-z, A-Z, 0-9):

    Generating long, high-quality random passwords is not simple. So here is some totally random raw material, generated just for YOU, to start with.

    Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use:

    Click your web browser's "refresh" button a few times and watch the password strings change each time. Every one is completely random (maximum entropy) without any pattern and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again.
    Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this custom generated (just now for you) page will not be cached or visible to anyone else.

    Therefore, these password strings are just for you. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours.

  2. xmen

    xmen Guest

    Why would anyone use thiso_O
  3. AvianFlux

    AvianFlux Registered Member

    Dec 7, 2004
    While there may be nothing wrong with a online PW generator, I prefer to use a stand alone program for that purpose.
  4. Airking

    Airking Registered Member

    Jun 22, 2005
    that's excellent. A good use for it is when setting a password for wireless computer operation. :cool:
  5. TNT

    TNT Registered Member

    Sep 4, 2005
    Yeah, I agree. A program doing it on a remote server? No thanks... many pseudo-random generators are good enough anyway.
  6. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Hi TNT,

    Please excuse me for bringing up the issue of what constitutes "good enough" and "for what" exactly, but I seem to recollect that somewhere in the last 5 or so years there has been new work on randomness and many of the algorithms assumed to be so, were found not to be - as I somewhat "hazily" recollect.

    I'll have to scrounge around to find the technical paper references, unless someone else recalls OTTOTH?

    -- Tom
  7. TNT

    TNT Registered Member

    Sep 4, 2005
    Well, ok. Maybe I was a little bit too rushed without explaining "for what".

    By, the way, with Internet Explorer in default options THIS generator leaves the password in clear text in the browser cache, because Internet Explorer stores encrypted pages in the cache by default. Here it's the IE cache content after visiting ONLY that page:

    Here's passwords.htm from IE cache opened in Firefox:

    So the page actually lies about the page not being present in the cache. It's MANDATORY to turn off the setting to cache ssl pages in IE if you want to use this, or securely erase the data after.

    EDIT: I think the proper header for the html page to prevent caching is:

    <META http-equiv="Pragma" content="no-store">

    but I wouldn't rely on buggy browsers to implement that.
    Last edited: Nov 27, 2005
Thread Status:
Not open for further replies.