Curse Word in Random Password Generation

Hi guys:

I wanted to ask about the chances of getting a curse word or something close to
it when generating a random password and emailing it to users. If we use RT as our
ticketing system we can’t allow that to happen in our company. It just looks
bad. I am asking because the last time I generated a random password it came up as:
shittme

I know it’s not the same but quite close to something we can’t allow. Is there
any way to prevent that from happening?

Thanks in advance.

Hammad

> I know it’s not the same but quite close to something we can’t allow. Is there
> any way to prevent that from happening?

May I suggest Regexp::Common? :)

You can use the $RE{profanity} test and force a regeneration if it
matches.

Another thought is to generate number-only, but somewhat long,
passwords.

Thanks,
/Autrijus/

Thus spake Hammad (rt@brisksolutions.com) [09/12/03 16:13]:

> Hi guys:
>
> I wanted to ask about the chances of getting a curse word or something close to
> it when generating a random password and emailing it to users. If we use RT as our
> ticketing system we can’t allow that to happen in our company. It just looks
> bad. I am asking because the last time I generated a random password it came up as:
> shittme
>
> I know it’s not the same but quite close to something we can’t allow. Is there
> any way to prevent that from happening?

If you filter bad words, then it’s not a random password.

You can make them up on your own, or filter them after the fact, if you
really don’t want to get curse words in your passwords.

> > I know it’s not the same but quite close to something we can’t allow. Is there
> > any way to prevent that from happening?
>
> May I suggest Regexp::Common? :)
>
> You can use the $RE{profanity} test and force a regeneration if it
> matches.
>
> Another thought is to generate number-only, but somewhat long,
> passwords.

I was thinking the same, although combinations of letters and numbers.
If you make every two alternate, it’d be very difficult to create a word
of any meaning.

Such as: fu34@k7

John

Hammad wrote:

> Hi guys:
>
> I wanted to ask about the chances of getting a curse word or something close to
> it when generating a random password and emailing it to users. If we use RT as our
> ticketing system we can’t allow that to happen in our company. It just looks
> bad. I am asking because the last time I generated a random password it came up as:
> shittme
>
> I know it’s not the same but quite close to something we can’t allow. Is there
> any way to prevent that from happening?

Use only curses in your passwords, but always reverse them. No one will
ever catch on. ;)

> I was thinking the same, although combinations of letters and numbers.
> If you make every two alternate, it’d be very difficult to create a word
> of any meaning.

Surely you jest, sir. “sh11tm3” does not look much better. :)

/Autrijus/

> > I was thinking the same, although combinations of letters and numbers.
> > If you make every two alternate, it’d be very difficult to create a word
> > of any meaning.
>
> Surely you jest, sir. “sh11tm3” does not look much better. :)

N0 pr0813m! Ju57 run 17 7hr0u6h 4n 31173-70-3n6115h 7r4n51470r f1r57!

:)
Ross A. Patterson
Chief Technology Officer
CatchFIRE Systems, Inc.
5885 Trinity Parkway, Suite 220
Centreville, VA 20120
(703) 563-4164

> > > I was thinking the same, although combinations of letters and numbers.
> > > If you make every two alternate, it’d be very difficult to create a word
> > > of any meaning.
> >
> > Surely you jest, sir. “sh11tm3” does not look much better. :)
>
> N0 pr0813m! Ju57 run 17 7hr0u6h 4n 31173-70-3n6115h 7r4n51470r f1r57!
>
> :)

Heh, my original post had one buried in it too. But again, it’d be hard
for it to be a word of any meaning. Send the text above to 100 non-IT
people and you’d be lucky to get more than 5 that know what you’re
saying. I’m still not sure what 31173 is. ;)

To be honest, it’d be nearly impossible to fill his needs if you’re
gonna expect people to know pr0813m as a word when you send it as a
password (although I have a rule of no passwd’s less than 8 char).

J

Thanks guys for your reply, I liked a couple of ideas. One to generate only
numbers, another to generate letters + numbers.

Now is something like that already in place to generate numbers and/or
letters+numbers, or do I have to implement it from scratch? I am currently using
"GenerateRandomNextChar" to generate a password and send it automatically to
users. Is there a way to manipulate that function and generate only numbers?

Hammad

| On Tue, Dec 09, 2003 at 04:13:01PM -0500, Hammad wrote:
| > I know it’s not the same but quite close to something we can’t allow. Is there
| > any way to prevent that from happening?
|
| May I suggest Regexp::Common? :)
|
| You can use the $RE{profanity} test and force a regeneration if it
| matches.
|
| Another thought is to generate number-only, but somewhat long,
| passwords.
|
| Thanks,
| /Autrijus/

It’s pretty easy to avoid words that will cause distress for people, whatever the reason may be.

Avoid numbers that look like a letter: 0, 1, 3 and 5

Avoid vowels: a, e, i, o, u and A, E, I, O, U

This reduces your entropy a bit, but nothing serious. And you don’t have to be “that guy” who’s called into the office and asked to explain why the machine-generated password sent to Vice President Bob looked too much like a word that he doesn’t like.
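
The restricted alphabet described in the last post, as an added example that is not part of the original thread and is not RT's own code: it draws characters from the no-vowel, no-look-alike set with the kernel CSPRNG and works out how many characters are needed to keep the entropy of a baseline password. The 8-character, 62-symbol baseline, the helper names and the use of `/dev/urandom` (a Unix-like host) are assumptions.

```perl
#!/usr/bin/perl
# Added example: restricted-alphabet password generator (Unix-like host assumed).
use strict;
use warnings;
use POSIX qw(ceil);

# Alphabet from the post above: no vowels, and none of the digits 0, 1, 3, 5.
my @ALPHABET = grep { !/[aeiou0135]/i } ('a' .. 'z', 'A' .. 'Z', '0' .. '9');

# Entropy in bits of one character drawn uniformly from $n symbols.
sub bits_per_char {
    my ($n) = @_;
    return log($n) / log(2);
}

# Shortest length over $n symbols that carries at least $target_bits.
sub length_for_bits {
    my ($target_bits, $n) = @_;
    return ceil($target_bits / bits_per_char($n));
}

# Draw $len characters from the kernel CSPRNG; Perl's rand() is not suitable.
sub generate_password {
    my ($len) = @_;
    my $n     = scalar @ALPHABET;
    my $limit = 256 - (256 % $n);    # bytes >= $limit would bias the modulo
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $pw = '';
    while (length($pw) < $len) {
        my $got = read($fh, my $byte, 1);
        die "short read from /dev/urandom" unless defined $got && $got == 1;
        my $v = ord($byte);
        next if $v >= $limit;        # rejection sampling keeps the draw uniform
        $pw .= $ALPHABET[$v % $n];
    }
    close($fh);
    return $pw;
}

# Assumed baseline to match: 8 characters over the full a-z, A-Z, 0-9 set.
my $target = 8 * bits_per_char(62);
my $len    = length_for_bits($target, scalar @ALPHABET);
printf "%d symbols, %.2f bits/char, %d chars needed for %.1f bits\n",
    scalar @ALPHABET, bits_per_char(scalar @ALPHABET), $len, $target;
print generate_password($len), "\n";
```

Because the alphabet itself cannot spell a word, no after-the-fact filtering or regeneration step is needed, and the entropy cost is paid back by the extra length the script reports.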