Date: Tue, 4 Aug 2009 17:34:31 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: Secure password generation...blasphemy!
Message-ID: <20090804173431.52698379@gumby.homeunix.com>
In-Reply-To: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com>
References: <64c038660908031928v15a76d15g5599e6f3fef936e1@mail.gmail.com>

On Mon, 3 Aug 2009 20:28:52 -0600
Modulok <modulok@gmail.com> wrote:

> However, wouldn't hashing bytes from /dev/random be quite secure? The
> hash function would cover any readily apparent patterns, if they were
> found to exist.

That's fine, the only issue is that hex digits lead to long passwords
for a given strength.

Most password generators are OK, provided that they ultimately derive a
sufficiently strong seed from /dev/random and don't do anything stupid,
this includes things like jot, which uses the arc4random library.

The main problem is that there are still a few generators around, IIRC
sysutils/pwgen is one, that still seed from the time and the pid, so I
wouldn't use a generator unless I'd seen the source.
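
The two points in the reply above, worked through as an added example that is not part of the original message: how password length for a fixed strength depends on the alphabet (hex versus larger sets), and how a time-and-pid seed caps strength regardless of output length. The 128-bit target, the one-day window and the pid count of 99999 are assumptions chosen for illustration, and the function names are hypothetical.

```python
import math
import secrets
import string

HEX = "0123456789abcdef"
ALNUM = string.ascii_letters + string.digits   # 62 symbols
PRINTABLE = ALNUM + string.punctuation         # 94 symbols


def bits_per_char(alphabet):
    """Entropy contributed by one uniformly chosen character."""
    return math.log2(len(set(alphabet)))


def length_for_bits(target_bits, alphabet):
    """Shortest length whose uniform passwords reach target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))


def generate(target_bits, alphabet):
    """Draw each character from the OS CSPRNG (os.urandom via secrets).

    secrets.choice() samples without modulo bias, so every character
    is uniform over the alphabet.
    """
    symbols = sorted(set(alphabet))
    n = length_for_bits(target_bits, symbols)
    return "".join(secrets.choice(symbols) for _ in range(n))


def time_pid_seed_bits(window_seconds, pid_count):
    """Upper bound on the strength of a generator seeded from time and pid.

    However long the output is, only one candidate per (second, pid)
    pair exists inside the window in which the password was created.
    """
    return math.log2(window_seconds * pid_count)


if __name__ == "__main__":
    for name, alpha in (("hex", HEX), ("alnum", ALNUM), ("printable", PRINTABLE)):
        print(f"{name:10s} {bits_per_char(alpha):5.2f} bits/char -> "
              f"{length_for_bits(128, alpha)} chars: {generate(128, alpha)}")
    # Assumed values: creation time known to within one day, 99999 pids.
    print(f"time+pid seed: at most {time_pid_seed_bits(86400, 99999):.1f} bits")
```
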