From owner-freebsd-questions@FreeBSD.ORG Tue Aug 4 16:42:24 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 728D3106571B for ; Tue, 4 Aug 2009 16:42:24 +0000 (UTC) (envelope-from modulok@gmail.com) Received: from mail-ew0-f206.google.com (mail-ew0-f206.google.com [209.85.219.206]) by mx1.freebsd.org (Postfix) with ESMTP id 011B48FC0A for ; Tue, 4 Aug 2009 16:42:23 +0000 (UTC) (envelope-from modulok@gmail.com) Received: by ewy2 with SMTP id 2so3823994ewy.43 for ; Tue, 04 Aug 2009 09:42:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=7WcYshwLxZuJrJiX077n80tuAs4KuSMCwjE7gY2WXxc=; b=rtb0ZVkB0a34rVRz1ylFofMOKgW3Z3iv7bIvALwm+fQldDg/XNKzgN9pXhlv6ZoKHE pLQqphLD+LxCWjoAVX7zarzjQPRrq10kG5rDwQ4RZfIgBR04AD+lIzBu6wgGSQrBJ55+ 4Vsal4rX3RRF9tSkEofMPQ0yfA6foz4k+bufA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=ZPqnsPsxXRGvzoea8kETcdsWADZhOEh4i5ac4EuXv6Nkfk7i/9P0bX7FgjGlDM/ROY I+qPg1xONNBL9xAdYdgS8jOJ4bM2ngDHyh7OlnxGOPZt2HCNsNxQY39BWhXNrZPTHKxs RzqUUm+4ZdZLVh5D3t7W6mUGapJk3mRyty1lA= MIME-Version: 1.0 Received: by 10.210.89.7 with SMTP id m7mr6869382ebb.14.1249404142862; Tue, 04 Aug 2009 09:42:22 -0700 (PDT) In-Reply-To: <20090804173939.598a224f@gumby.homeunix.com> References: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com> <200908032220.50964.mel.flynn+fbsd.questions@mailing.thruhere.net> <20090804173939.598a224f@gumby.homeunix.com> Date: Tue, 4 Aug 2009 10:42:22 -0600 Message-ID: <64c038660908040942t6f7934detdeb7b138623eb884@mail.gmail.com> From: Modulok To: RW Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Secure password generation...blasphemy! X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Aug 2009 16:42:25 -0000 As I understand it I would have to double the length of a hashed password for it to be as secure as an un-hashed one, as each pair of characters represent one byte. Aye? -Modulok- On 8/4/09, RW wrote: > On Mon, 3 Aug 2009 22:20:50 -0800 > Mel Flynn wrote: > >> On Monday 03 August 2009 18:28:52 Modulok wrote: >> >> > I wrote a python script which uses /dev/random, and hashes the >> > output with sha256. I then truncate the output to the desired >> > length. Blasphemy! According to the superstitious password crowd my >> > passwords are not very secure ... maybe. >> >> They aren't, because you reduce the random to a much less random, >> *because* you are hashing. > > Not in FreeBSD, it's a 256bit PRNG and a 256 bit hash. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >