需要安全的密码生成器推荐 [英] Need a secure password generator recommendation

问题描述

有人可以推荐使用Apache或LGPL许可证下的Java安全密码生成器吗？

Can anybody recommend a secure password generator available under a Apache or LGPL licence for Java?

推荐答案

我不担心关于生成令人难以置信的强大的一次性密码。将密码设置得很长，并且在强制密码有效期限的情况下使用暴力不应该是一个问题。如果密码仅在1小时内有效，那么如果密码仍未使用则不会有问题。在那个时间跨度内，不太可能有人会使用暴力破解它。

I would not worry that much about generating incredible strong one time passwords. Make the password long and it should not be a problem with brute force granted you limit how long the password is valid. If the password is only valid for say 1 hour then it will not be a problem if the password remains unused. And in that time span it is not likely that someone will get to crack it using brute force.

同样重要的是，你只让一次性密码才能工作一个时间。这样，如果密码被截获，用户将注意到一次性密码何时到期并且可以采取适当的操作。

It is also important that you only let the one time password work just one time. This way, if the password is intercepted the user will notice when the one time password has expired and can take appropriate actions.

我会选择Apache Commons RandomStringUtils ，密码为10-15个字母和数字。

I'd go for Apache Commons RandomStringUtils and let the password be 10-15 characters of letters and numbers.

...虽然它总是一个你想成为多么偏执的问题。这个解决方案适用于常规Web应用程序，但对银行来说还不够......

...though it always is a question of how paranoid you want to be. This solution would be fine for a regular web application, but not good enough for a bank...

这篇关于需要安全的密码生成器推荐的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！