I use a password generator of my own design - basically it takes the userid, concatenated with a fairly long secret phrase, and then I do SHA1 and convert it to base64, giving a password like: Acgq75VpCWjdsJaa5abe9JeX3I (don't worry, this isn't a real password to anything).
After Warren's comment about wanting 256 bits of entropy, I fed this through an online entropy calculator (https://planetcalc.com/2476/ - I wouldn't feed a real password through anything on the web!), and got 4.29 bits of Shannon entropy (replacing a character with a special character didn't change the number). Calculating it on a whole web page only gave 5.41.

So I tried:

    dd if=/dev/random bs=100 count=1|od -c

and the result only gave 5.00 bits. So I'm guessing this isn't what he meant.

http://rumkin.com/tools/password/passchk.php does a version and it says my fake password above is 130 bits. The 800 bits of random converted to hex gives 779 bits. So I guess this is what Warren had in mind.

Posting this in case it helps somebody on the list.

Thanks
../Dave
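Added example, not part of the original post: a frequency-based Shannon calculation reproduces the 4.29 figure for the fake password and shows that it is a per-character value, next to the same value scaled by length and the figure for a uniformly random base64 string of that length. The `derive` function is an assumed reading of the scheme described in the post (plain concatenation, padding dropped), and its inputs are constructed.

```python
import base64
import hashlib
import math
from collections import Counter

SAMPLE = "Acgq75VpCWjdsJaa5abe9JeX3I"  # the fake password quoted in the post


def shannon_bits_per_symbol(text: str) -> float:
    """Frequency-based Shannon entropy of one string, in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def shannon_bits_total(text: str) -> float:
    """Per-character figure scaled by length: bits for the whole string."""
    return shannon_bits_per_symbol(text) * len(text)


def uniform_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a generator picking each character uniformly at random."""
    return length * math.log2(alphabet_size)


def derive(userid: str, secret: str) -> str:
    """Assumed reading of the scheme: base64(SHA1(userid + secret)), padding dropped."""
    digest = hashlib.sha1((userid + secret).encode()).digest()
    return base64.b64encode(digest).decode().rstrip("=")


if __name__ == "__main__":
    print(f"per character : {shannon_bits_per_symbol(SAMPLE):.2f} bits")
    print(f"whole string  : {shannon_bits_total(SAMPLE):.1f} bits")
    print(f"uniform base64: {uniform_bits(len(SAMPLE), 64):.0f} bits")
    # Constructed inputs, not real credentials.
    pw = derive("dave@example.org", "constructed secret phrase")
    # A SHA-1 digest is 20 bytes, so the output can never carry more than 160 bits.
    print(f"derived length: {len(pw)} chars, at most {hashlib.sha1().digest_size * 8} bits")
```

A frequency count over a single short string describes that string rather than the generator behind it; for this scheme the password holds no more entropy than the secret phrase does, and never more than the 160 bits of a SHA-1 digest.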