Posted by Peter Fox on 08/02/05 11:54

The recent thread in generating PINs reminded me:

Suppose I want to give someone a random password or ID then this is what
I do:
(1) Generate a hash, eg. MD5 form something, possibly a random number.
This gives a string in hex.
(2) Truncate it to the required number of characters

THEN
(3) Substitute the characters 0,1,5,8,B,C with eg h,k,p,r,t,w,x,y.
eg "AB15708" might become "AKTX7YH"

THE REASON is that O/0 1/l 5/S 8/B c/C can be mis-read. (Also M and N
are not suitable substitutes as if they are read over the phone are
easily confused. )

Personally for 1-off numbers I prefer to have a longer string and use
all upper case but for passwords use mixed case and shorter string to
encourage users to mix their case when they pick their own.




--
PETER FOX Not the same since the submarine business went under
peterfox@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>

• Next in forum: Re: ???s scattered about .CHM?
• Prev in forum: Re: Problems Connecting To MySQL
• Thread view: Tip for generating passwords/serial numbers

[Reply to this message]