For some applications, we use an algorithmic number generator that gets combined with a regular password. The number generator spits out 6 digit numbers every 60 seconds according to an algorithm hashed specifically to the user of that generator and to a time index counter on a server. In order for someone to log in through the system they would need a specific, time synchronized number generator, the user account information tied to it, and that user's regular password. The net result is it effectively changes the login credentials every 60 seconds. Thanks! Kevin Finch Network Administrator DST Systems, Inc. 816/435-6039 krfinch@dstsystems.com Tim Reid cc: Sent by: Subject: OT: password/passphrase generation owner-kclug@marauder. illiana.net 06/05/2003 03:13 PM hey all, I've been looking at some of the high-level popular crypto/security texts lately, and one of the more interesting things that struck me was the different methods of generating/choosing passcodes. I've now seen several different methods used (APG, diceware, etc.) I haven't made up my mind as to the most secure (within reason for a common user like me) method of password generation for both login passwords and PGP/GPG passphrases... What does everybody use for secure/random password/passphrase generation? What are some of the different aspects of "your" method? Do you go for speed, maximum bits of entropy, etc.? --Tim OT: PS: I had someone ask me a "brainteaser" in a IRC channel, and I haven't been able to get back to them...but I think I know the answer. But I thought that I might share it with all you smart KCluggers :P What number does not belong? < 1 2 3 4 5 > And why does it not belong?