On Tue, 11 Oct 2005 01:21:55 +0200, Michael Ströder wrote: > Dan Stromberg wrote: >> [quoted text muted] > > http://www.faqs.org/rfcs/rfc2945.html > > Ciao, Michael.
OK, thanks for the reference. I guess I neglected to stress that we're talking about using random strings of characters, not dictionary words or other weak forms of user-chosen passwords. Is there something easily attacked about the original algorithm, if you use a long, quite random password in combination with a hash algorithm that hasn't been broken? If you look over my fallback-reboot package at: http://dcs.nac.uci.edu/~strombrg/fallback-reboot/ you'll see that there's a small python script that generates a 32 character hex string for the passwords. I suppose I probably should rewrite it to not use whrandom though. Thanks! -- http://mail.python.org/mailman/listinfo/python-list
