From owner-freebsd-questions@FreeBSD.ORG  Thu Aug  6 10:02:16 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id E610A1065676
	for <freebsd-questions@freebsd.org>;
	Thu,  6 Aug 2009 10:02:16 +0000 (UTC)
	(envelope-from cpghost@cordula.ws)
Received: from fw.farid-hajji.net (fw.farid-hajji.net [213.146.115.42])
	by mx1.freebsd.org (Postfix) with ESMTP id EE7DD8FC32
	for <freebsd-questions@freebsd.org>;
	Thu,  6 Aug 2009 10:02:13 +0000 (UTC)
Received: from phenom.cordula.ws (phenom [192.168.254.60])
	by fw.farid-hajji.net (Postfix) with ESMTP id 3655D36DD9;
	Thu,  6 Aug 2009 12:02:10 +0200 (CEST)
Date: Thu, 6 Aug 2009 12:02:09 +0200
From: cpghost <cpghost@cordula.ws>
To: Modulok <modulok@gmail.com>
Message-ID: <20090806100209.GA42719@phenom.cordula.ws>
References: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com>
	<20090804075221.GA3909@slackbox.xs4all.nl>
	<20090804081841.GC74277@mech-cluster241.men.bris.ac.uk>
	<4A77F20F.5060500@boosten.org>
	<64c038660908040936m7872c211y2897990508ee8316@mail.gmail.com>
	<64c038660908040938m6b195216kb18edc17add0e5ba@mail.gmail.com>
	<64c038660908040939o349b7b16o6659d5f5f2eb65fb@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <64c038660908040939o349b7b16o6659d5f5f2eb65fb@mail.gmail.com>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: freebsd-questions@freebsd.org
Subject: Re: Secure password generation...blasphemy!
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2009 10:02:17 -0000

On Tue, Aug 04, 2009 at 10:39:38AM -0600, Modulok wrote:
> But I'm also looking for a good way to generate high quality crypto
> keys. In the later case, the data being protected are disk images of
> clients...mountains of sensitive data. These will be on USB
> keys, and thus do not need to be memorized. Assuming my clients are
> not enemies of a state, /dev/random should be a sufficient source for
> this purpose, correct? i.e:
> 
> dd if=/dev/random of=foo.key bs=256 count=1

It should be "good enough"... but you need to do so reading on
non-linear key spaces first. Depending on the symmetric cipher,
not all keys are equally strong; and if you're unlucky, you may
catch one of those "bad keys" through /dev/random.

However, this is a fairly advanced crypto topic.

> Thanks guys!
> -Modulok-

-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/