[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: add --rand xxxxxxxx

To: "Johan Danielsson" <joda@pdc.kth.se>
Subject: Re: add --rand xxxxxxxx
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 31 May 2007 11:53:22 -0700
Cc: heimdal-discuss@sics.se
In-Reply-To: <ba6328830705310106s105b05a4j2ec64f0c749d759e@mail.gmail.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <58eb69ab0705151633g15f9da6fx3b37c5ae7c0eb315@mail.gmail.com> <BDDA07DA-61E6-40E2-BEAA-1C6E8F53A230@jpl.nasa.gov> <ba6328830705310106s105b05a4j2ec64f0c749d759e@mail.gmail.com>
Reply-To: heimdal-discuss@sics.se, "Henry B. Hotz" <hotz@jpl.nasa.gov>

Understandable.  I have not asked for any changes.  It would be  
awkward for us to propagate the password back to a real person when  
we might use it.

The main time I might use it myself is to create cross-realm  
principals with non-Heimdal KDCs.  In that case I'd want at least 128  
bits of entropy, and 256 bits if AES-256 was supported.  Really,  
really unpleasant to deal with by real humans.  ;-)

I wrote a stand-alone program that filters /dev/random for printable  
characters as my solution.

On May 31, 2007, at 1:06 AM, Johan Danielsson wrote:

>> I wish it invented longer passwords, so I don't use it myself.
>
> I suppose there could be an option for that, but the idea is that the
> passwords should be possible to remember, and making them much
> longer would make it a lot harder.
>
> I think the current scheme gives about 55 bits of entropy.
>
> /Johan

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

References:
- add --rand xxxxxxxx
  - From: "John Nietzsche" <john.nietzsche@gmail.com>
- Re: add --rand xxxxxxxx
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: add --rand xxxxxxxx
  - From: "Johan Danielsson" <joda@pdc.kth.se>

Prev by Date: Different Heimdal/MIT behaviour of krb5_get_credentials ?
Next by Date: Re: Different Heimdal/MIT behaviour of krb5_get_credentials ?
Prev by thread: Re: add --rand xxxxxxxx
Next by thread: business proposal
Index(es):
- Date
- Thread