Repeated execution of mkpasswd

On Linux, I use mkpasswd to generate random passwords for use on OS X; however, I do not have this command. Instead of logging into my VPS every time, I wanted to replicate it in Java. What I did was select 4 random lowercase letters, 2 uppercase letters, 2 characters (etc.) and 2 numbers. Then I create a vector and shuffle it.

Do you think this is good enough randomization?

+4
6 answers

Yes, it is. If you use java.util.Random:

An instance of this class is used to generate a stream of pseudorandom numbers. The class uses a 48-bit seed, which is modified using a linear congruential formula. (See Donald Knuth, The Art of Computer Programming, Volume 2, Section 3.2.1.)

The algorithms implemented by class Random use a protected utility method that on each invocation can supply up to 32 pseudorandomly generated bits.

EDIT

in response to the comment:

    /**
     * Creates a new random number generator. This constructor sets
     * the seed of the random number generator to a value very likely
     * to be distinct from any other invocation of this constructor.
     */
    public Random() { this(++seedUniquifier + System.nanoTime()); }
    private static volatile long seedUniquifier = 8682522807148012L;
+1

If you use java.security.SecureRandom instead of java.util.Random, then this is probably safe. SecureRandom provides a "cryptographically strong pseudo random number generator (PRNG)." That is, this ensures that the seed cannot be easily guessed and that the generated numbers have high entropy.

+3
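The scheme from the question (4 lowercase, 2 uppercase, 2 symbols, 2 digits, then a shuffle) built on SecureRandom as the answer above suggests; this is an added example, not code from the original post. It also hands the same generator to the shuffle and computes the size of the keyspace the fixed 4/2/2/2 layout yields. The class name MkPasswd, the symbol set and the schemeBits helper are assumptions.

```java
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class MkPasswd {
    // Character classes; the symbol set is an assumption, the question does not list one.
    static final String LOWER = "abcdefghijklmnopqrstuvwxyz";
    static final String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    static final String DIGITS = "0123456789";
    static final String SYMBOLS = "!@#$%^&*()-_=+";
    private static final SecureRandom RNG = new SecureRandom();

    // Append `count` characters drawn uniformly from `alphabet`.
    static void pick(List<Character> out, String alphabet, int count) {
        for (int i = 0; i < count; i++) {
            out.add(alphabet.charAt(RNG.nextInt(alphabet.length())));
        }
    }

    static String generate() {
        List<Character> chars = new ArrayList<>();
        pick(chars, LOWER, 4);
        pick(chars, UPPER, 2);
        pick(chars, SYMBOLS, 2);
        pick(chars, DIGITS, 2);
        // Pass the SecureRandom explicitly: Collections.shuffle(list) on its own
        // uses a default java.util.Random, which is not a cryptographic generator.
        Collections.shuffle(chars, RNG);
        StringBuilder sb = new StringBuilder(chars.size());
        for (char c : chars) sb.append(c);
        return sb.toString();
    }

    // log2 of the number of distinct passwords the 4/2/2/2 scheme can emit:
    // arrangements of class positions (10! / (4! 2! 2! 2!)) times choices per slot.
    static double schemeBits() {
        double arrangements = 3628800.0 / (24 * 2 * 2 * 2);
        double choices = Math.pow(LOWER.length(), 4) * Math.pow(UPPER.length(), 2)
                * Math.pow(SYMBOLS.length(), 2) * Math.pow(DIGITS.length(), 2);
        return Math.log(arrangements * choices) / Math.log(2);
    }

    public static void main(String[] args) {
        System.out.println(generate());
        System.out.printf("keyspace: %.1f bits%n", schemeBits());
    }
}
```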

Depends on where your entropy comes from. Using rand() or similar functions that come with your particular language may be unsafe.

On OS X, you can use /dev/random, I think.

0

Perhaps everything is in order, but you should perhaps randomize the password length.

If your program became popular, it would become a weakness that the length of the password was publicly available. Also randomize the exact ratio of lower case : upper case : characters : numbers a bit.

0

Why not just compile mkpasswd on your OS X host?

0
