Online High Security Password Generator

Discussion in 'other security issues & news' started by StevieO, Nov 19, 2005.

Thread Status:
Not open for further replies.
  1. StevieO

    StevieO Guest

    Steve Gibson from the Gibson Research Corporation has just launched a brilliant FREE secure online non cached pseudo-random never repeating long string password generator.

    There are a choice of 3 types -

    64 random hexadecimal characters (0-9 and A-F):

    63 random printable ASCII characters:

    63 random alpha-numeric characters (a-z, A-Z, 0-9):



    Generating long, high-quality random passwords is not simple. So here is some totally random raw material, generated just for YOU, to start with.

    Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use:

    Click your web browser's "refresh" button a few times and watch the password strings change each time. Every one is completely random (maximum entropy) without any pattern and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again.
    Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this custom generated (just now for you) page will not be cached or visible to anyone else.

    Therefore, these password strings are just for you. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours.

    https://www.grc.com/passwords


    StevieO
     
  2. xmen

    xmen Guest

    Why would anyone use thiso_O
     
  3. AvianFlux

    AvianFlux Registered Member

    Joined:
    Dec 7, 2004
    Posts:
    237
    While there may be nothing wrong with a online PW generator, I prefer to use a stand alone program for that purpose.
     
  4. Airking

    Airking Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    1,083
    that's excellent. A good use for it is when setting a password for wireless computer operation. :cool:
     
  5. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yeah, I agree. A program doing it on a remote server? No thanks... many pseudo-random generators are good enough anyway.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    Hi TNT,

    Please excuse me for bringing up the issue of what constitutes "good enough" and "for what" exactly, but I seem to recollect that somewhere in the last 5 or so years there has been new work on randomness and many of the algorithms assumed to be so, were found not to be - as I somewhat "hazily" recollect.

    I'll have to scrounge around to find the technical paper references, unless someone else recalls OTTOTH?

    -- Tom
     
  7. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Well, ok. Maybe I was a little bit too rushed without explaining "for what".

    By, the way, with Internet Explorer in default options THIS generator leaves the password in clear text in the browser cache, because Internet Explorer stores encrypted pages in the cache by default. Here it's the IE cache content after visiting ONLY that page:

    http://img320.imageshack.us/img320/9586/immagine4eu.gif

    Here's passwords.htm from IE cache opened in Firefox:

    http://img413.imageshack.us/img413/2641/immagine20hq.gif


    So the page actually lies about the page not being present in the cache. It's MANDATORY to turn off the setting to cache ssl pages in IE if you want to use this, or securely erase the data after.

    EDIT: I think the proper header for the html page to prevent caching is:

    <META http-equiv="Pragma" content="no-store">

    but I wouldn't rely on buggy browsers to implement that.
     
    Last edited: Nov 27, 2005
Loading...
Thread Status:
Not open for further replies.