Can anybody recommend a secure password generator available under an Apache or LGPL licence for Java?
I would not worry that much about generating incredibly strong one-time passwords. Make the password long and it should not be a problem with brute force, granted you limit how long the password is valid. If the password is only valid for, say, 1 hour, then it will not be a problem if the password remains unused. And in that time span it is not likely that someone will get to crack it using brute force.
It is also important that you only let the one-time password work just one time. This way, if the password is intercepted, the user will notice when the one-time password has expired and can take appropriate actions.
I’d go for Apache Commons RandomStringUtils and let the password be 10-15 characters of letters and numbers.
…though it always is a question of how paranoid you want to be. This solution would be fine for a regular web application, but not good enough for a bank…
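The three properties described in the answer above (10-15 letters and numbers, a limited validity window, single use) can be sketched as follows. This is an added example, not part of the original answer: it uses the JDK's `SecureRandom` in place of Commons `RandomStringUtils` so that it needs no library, and the class name, method names and in-memory store are assumptions made for illustration (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: all names here are illustrative assumptions.
public class OneTimePasswords {
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    private static final int LENGTH = 15;                          // answer suggests 10-15
    private static final Duration VALIDITY = Duration.ofHours(1);  // answer's "say 1 hour"
    private static final SecureRandom RNG = new SecureRandom();

    private record Entry(byte[] password, Instant expires) {}
    private final Map<String, Entry> pending = new ConcurrentHashMap<>();

    /** Issues a fresh password for the user, replacing any earlier one. */
    public String issue(String user, Instant now) {
        StringBuilder sb = new StringBuilder(LENGTH);
        for (int i = 0; i < LENGTH; i++) {
            // nextInt(bound) picks uniformly; nextInt() % bound would be biased
            sb.append(ALPHABET.charAt(RNG.nextInt(ALPHABET.length())));
        }
        String otp = sb.toString();
        pending.put(user, new Entry(otp.getBytes(StandardCharsets.UTF_8), now.plus(VALIDITY)));
        return otp;
    }

    /** Accepts a password at most once and only before it expires. */
    public boolean redeem(String user, String candidate, Instant now) {
        // Atomic remove: any attempt, right or wrong, consumes the password,
        // so a replay fails and an attacker gets one guess per issued password.
        Entry e = pending.remove(user);
        if (e == null || now.isAfter(e.expires())) return false;
        // Constant-time comparison of the stored and supplied values
        return MessageDigest.isEqual(e.password(), candidate.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        OneTimePasswords otps = new OneTimePasswords();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z");  // constructed timestamp
        String p = otps.issue("alice", t0);
        System.out.println("first use: " + otps.redeem("alice", p, t0.plusSeconds(60)));
        System.out.println("replay:    " + otps.redeem("alice", p, t0.plusSeconds(120)));
        String q = otps.issue("alice", t0);
        System.out.println("expired:   " + otps.redeem("alice", q, t0.plus(VALIDITY).plusSeconds(1)));
    }
}
```

Consuming the password on a wrong guess means a mistyped or hostile attempt forces a re-issue; a deployment that cannot accept that would need a small attempt counter instead.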