

Fresh passwords, every 5 seconds - maintheme
http://blog.bigcurl.de/2009/04/fresh-passwords-every-5-seconds.html
So you need a password now. Want it long, copy/paste save and secure? Here you go: http://p.squidshot.com.<p>Passwords are refreshed every 5 seconds. So no excuse of using bad passwords anymore.
======
gojomo
A little late for an April Fool's joke, isn't it?

The password-generating code is:

    
    
      SHA1(new Date().toUTCString().split("/").sort(
        function() {return 0.5 - Math.random()}).join(" "))
    

But toUTCString() doesn't return a string with any '/' characters, at least in
FF3, so it's really just:

    
    
      SHA1(new Date().toUTCString())
    

And toUTCString() trims milliseconds, so really it's just ths SHA1 of the
current time, to the second. Not very strong no matter how 'long' the output.

~~~
PostOnce
so, if you knew someone used that site to generate their password, look at the
date the account was created, SHA1 all the times on that date, and dictionary
attack it? Just my first guess, I'm not a master programmer or anything.

~~~
gojomo
Yes. And there are even ways to tell where someone has visited -- so you might
try this only against people who have visited that site/blog. Or the author of
the blog's accounts elsewhere.

It's not much worse than the other ways people pick low-security passwords,
but it doesn't justify its length, or meet its goal of: "Passwords should be
secure. One way to acheive this is by making them very long."

------
eli
Wow, what an _incredibly_ poor way to choose a password.

