[WEB SECURITY] Using JavaScript to generate "secure" passwords.

Hoffman, Billy billy.hoffman at hp.com
Thu Jan 31 20:10:58 EST 2008


> Certainly better than letting users select a password.

That would be awesome!

<i>Please select a password</i>
<select name=pass>
  <option value=1>god</option>
  <option value=2>sex</option>
  <option value=3>money</option>
</select>

Pen Gillette at his cinematic finest!

Billy Hoffman
--
Manager, HP Security Labs
HP Software
Direct: 770-343-7069
http://www.hp.com

-----Original Message-----
From: Mike Fratto [mailto:mfratto at gmail.com]
Sent: Thursday, January 31, 2008 6:07 PM
To: Stephan Wehner
Cc: Michael Vance; websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Using JavaScript to generate "secure" passwords.

Guys, I hear what you are saying about entropy and random number
generation, but let me ask this question.

The plan to generate passwords for users, so isn't this method to
generating pseudo-random data good enough? Certainly better than
letting users select a password.

I don't know. :)

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]



More information about the websecurity mailing list