As some of you may know (I blogged, a year ago), we generate easy to remember, but long, passwords for various systems. The entropy in these is high (see xkcd/936 for details). The beauty of them is that they are easy to remember as they are constructed from real words.
We have some nice long word lists and have even organised them as adjectives followed by nouns to make them even easier to remember. The word lists are longer than those suggested by Randall. But even if you had the exact word lists we use, you would still have very high entropy in the passwords. We even use a true random number generator (because we can).
There is, however, a problem, a side effect Randall did not explain. It is not just rude words (which are not too hard to eliminate from the word list) but word combinations that can be offensive.
One we noticed today, and have re-generated, is "starvingchildstillebony". None of those words are a problem on their own, but together they may be offensive.
There are some real gems that come up. But, of course, there are even more complex cases where we do not punctuate the words. I saw on Facebook a hashtag of #susanalbumparty which is a bit "sus" to say the least. I suspect the word "therapist" is in our list as well...
Anyway, I think our customers are suitably understanding that a random number generator cannot really be out to get them, and they can just click to regenerate a new password.
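As an added illustration (not the generator described in this post), the Python example below redraws any adjective-noun-adjective-noun password whose unpunctuated joined form contains a blocklisted string spanning a word boundary, and measures how much entropy that filter costs. The word lists and the harmless stand-in blocklist entry `hotdog` are constructed for the example, and single-word hits are assumed to have been removed from the lists already.

```python
import itertools
import math
import secrets

# Constructed sample lists; a real deployment would use thousands of words.
ADJECTIVES = ["brave", "quiet", "amber", "rapid", "mellow", "hot"]
NOUNS = ["river", "dogma", "tiger", "canyon", "lantern", "window"]
# Harmless stand-in for a string that must not appear in a password.
BLOCKLIST = {"hotdog"}
PATTERN = (ADJECTIVES, NOUNS, ADJECTIVES, NOUNS)


def boundary_hits(words, blocklist=BLOCKLIST):
    """Return blocklisted strings that span a word boundary once joined."""
    joined = "".join(words)
    # Offsets in the joined string where one word ends and the next begins.
    cuts = list(itertools.accumulate(len(w) for w in words))[:-1]
    hits = []
    for term in sorted(blocklist):
        start = joined.find(term)
        while start != -1:
            end = start + len(term)
            if any(start < cut < end for cut in cuts):
                hits.append(term)
                break
            start = joined.find(term, start + 1)
    return hits


def generate(rng=None):
    """Draw uniformly and redraw until the joined string is clean."""
    rng = rng or secrets.SystemRandom()
    while True:
        words = [rng.choice(wordlist) for wordlist in PATTERN]
        if not boundary_hits(words):
            return "".join(words)


def entropy_bits():
    """Return (bits before filtering, bits after filtering)."""
    total = math.prod(len(wordlist) for wordlist in PATTERN)
    # Exhaustive count works for these tiny lists; sample instead for real ones.
    kept = sum(1 for combo in itertools.product(*PATTERN)
               if not boundary_hits(combo))
    return math.log2(total), math.log2(kept)


if __name__ == "__main__":
    print(generate(), entropy_bits())
```

Because rejected draws are simply redrawn, the output stays uniform over the surviving combinations, so the entropy after filtering is the base-2 logarithm of the number of combinations kept.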
And this is exactly why I registered www.lovetherapist.co.uk
Giving advice about love... what else could it mean...?
We used the Randall scheme for high entropy "day" passwords for a conference WiFi system we manage for a while. It generated 30 days' worth of RADIUS auth rows at a time and e-mailed the list to the company that managed the conference centre. We had to give up after a few months and go back to "kdf01#Eop3" type passwords as each batch generally contained one questionable and one downright obscene permutation.
Oh you clearly haven't read this:
The Automated Curse Generator
I don't understand how anyone could be offended by what is clearly four random words thrown together. Such people should never be allowed to live on their own in the community, surely? They need to be kept under close observation for their own safety. If someone chooses to take offence at the example you gave, they should see a psychiatrist. And not hassle you about it.
We pander too much to morons. Sometimes, the right answer to a complaint is simply to tell the complainant to f*** off and grow up.
Yes, I appreciate you might not have actually *had* a complaint this time. But you were acting in *anticipation* of one. Which means the lunatics are actually taking over the asylum...