7.1.1. US DoD Recommendations for Password Generation
The United States Department of Defense has specific recommendations for password generation [DoD]. It suggests using the US Data Encryption Standard [DES] in Output Feedback Mode [MODES] as follows:
   Use an initialization vector determined from
      the system clock,
      system ID,
      user ID, and
      date and time;
   use a key determined from
      system interrupt registers,
      system status registers, and
      system counters; and,
   as plain text, use an external randomly generated 64-bit
   quantity such as the ASCII bytes for 8 characters typed
   in by a system administrator.
The password can then be calculated from the 64-bit "cipher text" generated by DES in 64-bit Output Feedback Mode. As many bits as are needed can be taken from these 64 bits and expanded into a pronounceable word, phrase, or other format if a human being needs to remember the password.
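The recipe above as a runnable sketch; this is an added example, not code from the DoD guideline or from this document. Because Python's standard library has no DES, `block_encrypt` is a stand-in (truncated HMAC-SHA256), and `fold64`, the function names, and the consonant/vowel alphabet are likewise assumptions.

```python
import hashlib
import hmac
import struct

CONSONANTS = "bdfghjklmnprstvz"  # 16 symbols, 4 bits each (constructed alphabet)
VOWELS = "aeio"                  # 4 symbols, 2 bits each

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for DES on one 64-bit block (assumption: truncated HMAC-SHA256;
    OFB only ever runs the cipher in the forward direction)."""
    return hmac.new(key, block, hashlib.sha256).digest()[:8]

def fold64(*fields: bytes) -> bytes:
    """Reduce length-prefixed fields to 64 bits (assumed derivation: the text
    only says the IV and key are 'determined from' these inputs)."""
    h = hashlib.sha256()
    for f in fields:
        h.update(struct.pack(">I", len(f)) + f)
    return h.digest()[:8]

def ofb64_single_block(key, iv, plaintext) -> bytes:
    """64-bit OFB over a single block: C = P XOR E_K(IV)."""
    if len(iv) != 8 or len(plaintext) != 8:
        raise ValueError("IV and plaintext must each be exactly 64 bits")
    keystream = block_encrypt(key, iv)
    return bytes(p ^ k for p, k in zip(plaintext, keystream))

def pronounceable(cipher_text: bytes, syllables: int = 6) -> str:
    """Expand the leading bits into consonant-vowel syllables, 6 bits each."""
    if len(cipher_text) != 8 or not 1 <= syllables <= 10:
        raise ValueError("need 64 bits; they yield at most 10 syllables")
    value = int.from_bytes(cipher_text, "big")
    out = []
    for i in range(syllables):
        chunk = (value >> (58 - 6 * i)) & 0x3F  # next 6 bits, MSB first
        out.append(CONSONANTS[chunk >> 2] + VOWELS[chunk & 0x3])
    return "".join(out)

def generate_password(clock, system_id, user_id, date_time,
                      irq_regs, status_regs, counters, typed: bytes) -> str:
    """All arguments are bytes; 'typed' is the 8 ASCII characters."""
    iv = fold64(clock, system_id, user_id, date_time)
    key = fold64(irq_regs, status_regs, counters)
    return pronounceable(ofb64_single_block(key, iv, typed))

if __name__ == "__main__":
    # Constructed sample inputs, not real system state.
    print(generate_password(b"1700000000", b"host-01", b"uid-1001", b"2024-01-01T00:00",
                            b"\x12\x34", b"\x00\x80", b"\x00\x00\x10\x00", b"Xq7#mK2p"))
```

With the default of 6 syllables the password uses 36 of the 64 "cipher text" bits; raising `syllables` to 10 uses 60.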