Kirk Strauser wrote:
> On Monday 08 January 2007 5:26 am, Ivan Voras wrote:
>
>> Here's an idea:
>>
>> $ head -c 64 /dev/random | md5 | head -c 10
>
> Hugely bad idea. Since md5 outputs hex, you're only getting 4 bits of
> entropy per character.

Yes, with 10 characters that's 5 bytes of practically pure random data, i.e. 40 bits. You're somewhat right: I don't know about pwgen but usually such utilities generate passwords from a set that looks like [0-9a-zA-Z-,], i.e. 6 bits per character. For a password of 8 characters, that's 48 bits, so 8 bits stronger than 10 hexadecimal characters. For equal entropy, 12 hex characters should be used. But hex characters are easier to remember :)
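
The bits-per-character arithmetic discussed in this thread, as an added example that is not part of either post. It generalizes to alphabets whose size is not a power of two; the function and constant names are assumptions made for illustration, and `secrets` stands in for reading `/dev/random` directly.

```python
import math
import secrets
import string

# Alphabets discussed in the thread. SET64 is the 64-symbol set
# [0-9a-zA-Z-,] from the reply; ALNUM62 is an extra, non-power-of-two
# case added here for comparison.
HEX = "0123456789abcdef"
ALNUM62 = string.digits + string.ascii_letters
SET64 = ALNUM62 + "-,"


def _symbols(alphabet):
    """Distinct symbols only: a repeated symbol adds no entropy."""
    return sorted(set(alphabet))


def entropy_bits(alphabet, length):
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(len(_symbols(alphabet)))


def min_length(alphabet, target_bits):
    """Shortest password over `alphabet` reaching `target_bits`."""
    return math.ceil(target_bits / math.log2(len(_symbols(alphabet))))


def generate(alphabet, length):
    """Uniform password from the OS CSPRNG.

    secrets.choice avoids the modulo bias that a naive `byte % n`
    mapping has when n does not divide 256.
    """
    symbols = _symbols(alphabet)
    return "".join(secrets.choice(symbols) for _ in range(length))


def compare(target_bits=48):
    """(name, bits per symbol, length needed) for each alphabet."""
    rows = []
    for name, alphabet in (("hex", HEX), ("alnum62", ALNUM62), ("set64", SET64)):
        per_symbol = math.log2(len(_symbols(alphabet)))
        rows.append((name, round(per_symbol, 2), min_length(alphabet, target_bits)))
    return rows


if __name__ == "__main__":
    for name, per_symbol, length in compare(48):
        print(f"{name:8} {per_symbol:5.2f} bits/char  {length:2d} chars for 48 bits")
    print("sample:", generate(SET64, 8))
```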