password-generator

I am learning to use maven password encryption capabilities and I would like to know how to choose the parameter <password> . There are two things that I don't understand: 1) mvn --encrypt-master-password foobar will always give a different encrypted master password . Since the encrypted master password is always different, I see only two possibilities: A local property is stored somewhere so that it can be used to decrypt the encrypted master password to get the master password . That means that our encrypted server passwords can only be used locally. Nothing is stored and the master password

I would like to know the algorithm or technique used by this command (mvn --encrypt-master-password ). Each time I run it produces a different output. I'm assuming that it takes system time as a seed parameter. The encryption mechanism is not in the maven codebase per se. It is located on a library called plexus-cipher . It is always on the maven distribution. Mine is on lib/plexus-cipher-1.7.jar being 3.0.5 the maven version. The actual cipher is AES/CBC/PKCS5Padding . The key for the cipher and IV for the block chaining are derived iterating SHA-256 -ing over the provided password (encoded

Can anybody recommend a secure password generator available under a Apache or LGPL licence for Java? Knubo I would not worry that much about generating incredible strong one time passwords. Make the password long and it should not be a problem with brute force granted you limit how long the password is valid. If the password is only valid for say 1 hour then it will not be a problem if the password remains unused. And in that time span it is not likely that someone will get to crack it using brute force. It is also important that you only let the one time password work just one time. This way,