Great Circle Associates Firewalls
(February 1995)
 


Subject: Re: Random password generators (fwd)
From: "John P. Rouillard" <rouilj @ cs . umb . edu>
Date: Wed, 22 Feb 1995 09:46:10 -0500
To: colin . dykstra @ solect . com
Cc: firewalls @ greatcircle . com
In-reply-to: Your message of "Tue, 21 Feb 1995 21:57:39 EST." <9502220257 . AA18854 @ keeper . solect . com>

As long as people are getting paper copies of the passwords, try
something along the lines of:

	ps -uaxww | sort -1nr | crypt | compress | uuencode foo | cut -c40-47

it returns things of the form:

	&*)H$@YA
	TJT8QVP6
	Y#UV-;,F
	N)LH.W2)
	(NH),\"1
	1EMI-;09

Those are pretty unguessable passwords, also they are unrememberable,
so the user will want to change them. I usually put in a sed script in
the pipeline somewhere to add a few lowercase letters, and I also mix
the incoming data stream a bit as well (I usually mix 3 or 4 machines'
ps output). You could use DES encryption in place of crypt, or use
some sort of MD5 hash function and take multiple hash blocks from the
output of ps | crypt | compress.

One thing to note is that ps may not be that random in the first few
data items (pids 0, 1, 2 and 3 show up at the top on a few ps's I
know of), so I invert the list (sort by pid in reverse order) to put
the faster changing items toward the front. This works ok but isn't
all that great if the pids are rolling over.

The few character distribution tests I have had friends do (10000
iterations) show two shallow peaks from the data above, but as you
increase the dimension of the test it gets more random. Multicharacter
tests of 2 and 3 elements show some small clustering, but that is
pretty much gone by the time you make it into longer 4 and 5 element
strings.

				-- John
John Rouillard

Senior Systems Administrator		  IDD Information Services
rouilj @ dstar . iddis . com			  Waltham, MA (617) 890-7227 x337
						      (617) 487-3937 (Direct)
Senior Systems Consultant (SERL Project)  University of Massachusetts at Boston
rouilj @ cs . umb . edu (preferred)	          Boston, MA, (617) 287-6480
===============================================================================
My employers don't acknowledge my existence much less my opinions.
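
The character distribution test mentioned in the message, as an added example that is not part of the original post: it rebuilds the `uuencode | cut -c40-47` stage in Python and computes chi-square per degree of freedom for 1-, 2- and 3-character groups. The input is constructed from a seeded PRNG as a stand-in for the `ps | crypt | compress` stream, and all function names are hypothetical.

```python
import random
from collections import Counter

def uu_line(chunk: bytes) -> str:
    """One classic uuencode line: length char, then 4 chars per 3 bytes (6 bits each)."""
    padded = chunk + b"\0" * (-len(chunk) % 3)
    out = [chr(32 + len(chunk))]
    for i in range(0, len(padded), 3):
        word = int.from_bytes(padded[i:i + 3], "big")
        out.extend(chr(32 + ((word >> s) & 0x3F)) for s in (18, 12, 6, 0))
    return "".join(out)

def password_from(chunk: bytes) -> str:
    """Same slice as `cut -c40-47` on a full 45-byte uuencode line."""
    return uu_line(chunk)[39:47]

def chi2_per_dof(passwords, n):
    """Chi-square of n-character group counts against a uniform 64-symbol
    alphabet, divided by degrees of freedom. A value near 1.0 means no
    detectable bias; values well above 1.0 mean peaks or clustering."""
    # Non-overlapping groups, so the samples stay independent of each other.
    counts = Counter(p[i:i + n] for p in passwords
                     for i in range(0, len(p) - n + 1, n))
    bins = 64 ** n
    expected = sum(counts.values()) / bins
    stat = sum((c - expected) ** 2 / expected for c in counts.values())
    stat += (bins - len(counts)) * expected   # groups that never appeared
    return stat / (bins - 1)

def sample(make_byte, count=10000, seed=1995):
    """Constructed input: `count` 45-byte blocks from a seeded PRNG."""
    rng = random.Random(seed)
    return [password_from(bytes(make_byte(rng) for _ in range(45)))
            for _ in range(count)]

def uniform_byte(rng):   # stand-in for a well-mixed, compressed stream
    return rng.getrandbits(8)

def ascii_byte(rng):     # stand-in for unmixed printable text
    return rng.randrange(32, 127)

if __name__ == "__main__":
    for name, src in (("uniform bytes", uniform_byte), ("raw ASCII", ascii_byte)):
        pw = sample(src)
        scores = [round(chi2_per_dof(pw, n), 2) for n in (1, 2, 3)]
        print(f"{name:14} sample={pw[0]!r} chi2/dof for n=1,2,3: {scores}")
```

Each 8-character result carries at most 48 bits, since uuencode emits 6 bits per character.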


