How secure is the generated password – could someone work out my UOB details from it?
The quick answer is “No”. The generated password is based on the username you give, not the password. The longer and more technical answer is: The generated password is based solely on your username and is generated as follows: Each night we generate a file containing (typically) 900 or so bits of random data on one of the systems hosting the web proxy cache service, using the Linux /dev/urandom device. We append the contents of this file to the username and take the md5 hash of the resulting string. This is converted to a hex string from which we take an 8 character substring and use that as the password. We believe that it is infeasible to deduce the secret given the username and generated password alone within its 24-hour validity.
